Re: [vpp-dev] VLAN to VLAN

2018-05-09 Thread carlito nueno
Forgot to mention: upgraded to vpp v18.04-rc2~26-gac2b736~b45

Current setup:
GigabitEthernet0/14/0.1, Idx 9, ip 192.168.0.0/24, vlan 1
GigabitEthernet0/14/0.2, Idx 12, ip 192.168.2.0/24, vlan 2

I don't want devices on vlan1 and vlan2 to communicate with each other.
I tried to use macip via VAT

vat# macip_acl_add ipv4 deny ip 192.168.2.0/24
vat# macip_acl_interface_add_del sw_if_index 9 add acl 0

But, devices under 192.168.0.0/24 can't communicate with each other.

Thanks
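
The symptom in the message above, modelled as an added example (not part of the original post and not VPP code). It assumes a MACIP ACL is evaluated first-match on the packet's source MAC and IP, with an implicit deny when no rule matches; the `MacipRule` class, the helper names and the sample hosts are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class MacipRule:
    """One source-MAC/source-IP rule (hypothetical model, not a VPP type)."""
    action: str                           # "permit" or "deny"
    prefix: str                           # source IPv4 prefix
    mac: str = "00:00:00:00:00:00"
    mac_mask: str = "00:00:00:00:00:00"   # all-zero mask matches any MAC


def _mac_int(mac):
    """Convert aa:bb:cc:dd:ee:ff to an integer for masking."""
    return int(mac.replace(":", ""), 16)


def rule_matches(rule, src_mac, src_ip):
    """True when both the masked source MAC and the source IP match."""
    mask = _mac_int(rule.mac_mask)
    mac_ok = (_mac_int(src_mac) & mask) == (_mac_int(rule.mac) & mask)
    ip_ok = ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.prefix)
    return mac_ok and ip_ok


def evaluate(rules, src_mac, src_ip):
    """First matching rule wins; returns (action, rule index).

    Assumption: a packet that matches no rule is dropped (implicit deny),
    reported here as ("deny", None).
    """
    for idx, rule in enumerate(rules):
        if rule_matches(rule, src_mac, src_ip):
            return rule.action, idx
    return "deny", None


def audit(rules, hosts):
    """List the hosts that are dropped only because no rule names them."""
    return [ip for mac, ip in hosts if evaluate(rules, mac, ip) == ("deny", None)]


# Constructed sample hosts: two on 192.168.0.0/24 (vlan 1), one on vlan 2.
HOSTS = [
    ("02:00:00:00:00:01", "192.168.0.10"),
    ("02:00:00:00:00:02", "192.168.0.11"),
    ("02:00:00:00:00:03", "192.168.2.5"),
]

# The single rule from the post: deny ip 192.168.2.0/24.
POSTED = [MacipRule("deny", "192.168.2.0/24")]

# Same deny, followed by an explicit permit for the interface's own subnet.
WITH_PERMIT = POSTED + [MacipRule("permit", "192.168.0.0/24")]

# A permit pinned to one MAC/IP pair, as asked for elsewhere in the thread.
PINNED = [
    MacipRule("permit", "192.168.0.10/32",
              mac="02:00:00:00:00:01", mac_mask="ff:ff:ff:ff:ff:ff"),
]

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("with permit", WITH_PERMIT)):
        print(name, "-> dropped by implicit deny:", audit(rules, HOSTS))
```

Under that assumption, the deny-only list drops every 192.168.0.0/24 source on the interface, which matches the behaviour reported in the post.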


Re: [vpp-dev] VLAN to VLAN

2018-05-09 Thread carlito nueno
First Question:
Tried to do “make test TEST=acl_plugin_macip”, but I got this error:

Using /vpp/build-root/python/virtualenv/lib/python2.7/site-packages
Finished processing dependencies for vpp-papi==1.4
make -C ext
make[1]: Entering directory '/vpp/test/ext'
make[1]: *** No rule to make target '/vpp/vpp-api/vapi/.libs/libvapiclient.so', 
needed by '/vapi_test/vapi_c_test'.  Stop.
make[1]: Leaving directory '/vpp/test/ext'
Makefile:129: recipe for target 'ext' failed
make: *** [ext] Error 2

ubuntu 16.04
python2.7
downloaded vpp src to /vpp
export VPP_PYTHON_PREFIX=/vpp/build-root/python
export WS_ROOT=/vpp

Second question:
When using govpp to load acl, how to maintain persistence when vpp is restarted?
- does the go app need to be re-run?

Thanks


[vpp-dev] Help with VLAN setup

2018-01-08 Thread Carlito Nueno
Hi all,

I followed the home gateway tutorial [1] to set up a router on ubuntu box.

I have a switch with two VLANs, vlan20 and vlan30, on port 1 connected
to VPP router box on port 1. So, it's only one physical cable.

My current setup diagram and vpp config files:
https://gist.github.com/anonymous/6f6815d2c18fb8ed324b7a096231d606

On the VPP router:
- port 0 is connected to ISP
- DHCP server listens on lstack tap device

I am trying to:
- give clients connected to vlan20 a different subnet via dhcp than
clients connected to vlan30.
- get both subnets to access the internet via port 0 because only one
port is connected to the ISP

With the current vlan setup (2_vpp_vlan.config) vlan20 packets are
only seen on lstack and not lvlan20.

Thanks!

[1]: https://wiki.fd.io/view/VPP/VPP_Home_Gateway
___
vpp-dev mailing list
vpp-dev@lists.fd.io
https://lists.fd.io/mailman/listinfo/vpp-dev


Re: [vpp-dev] Help with VLAN setup

2018-01-08 Thread Carlito Nueno
Sorry, here is the updated gist link:
https://gist.github.com/ironpillow/a57cf283ce30ac344ef39e5425a81260

On Mon, Jan 8, 2018 at 3:02 PM, Carlito Nueno <carlitonu...@gmail.com> wrote:
> Hi all,
>
> I followed the home gateway tutorial [1] to setup a router on ubuntu box.
>
> I have a switch with two VLANs, vlan20 and vlan30, on port 1 connected
> to VPP router box on port 1. So, its only one physical cable.
>
> My current setup diagram and vpp config files:
> https://gist.github.com/anonymous/6f6815d2c18fb8ed324b7a096231d606
>
> On the VPP router:
> - port 0 is connected to ISP
> - DHCP server listens on lstack tap device
>
> I am trying to:
> - give clients connected to vlan20 a different subnet via dhcp than
> clients connected to vlan30.
> - get both subnets to access the internet via port 0 because only one
> port is connected to the ISP
>
> With the current vlan setup (2_vpp_vlan.config) vlan20 packets are
> only seen on lstack and not lvlan20.
>
> Thanks!
>
> [1]: https://wiki.fd.io/view/VPP/VPP_Home_Gateway


[vpp-dev] nat with multiple in single out

2018-01-17 Thread Carlito Nueno
Hi,

I have 4 VLANs each with loopback interface and a tap interface. I
want each of the tap interfaces to have access to the WAN (internet)
via BondEthernet0 interface. I am using ubuntu.

snat config:

nat44 add interface address BondEthernet0
set interface nat44 in loop0 out BondEthernet0   // gw addr 10.0.0.1 (ltap0)
set interface nat44 in loop1 out BondEthernet0   // gw 10.1.0.1 (ltap1)
set interface nat44 in loop2 out BondEthernet0   // gw 10.2.0.1 (ltap2)
set interface nat44 in loop3 out BondEthernet0   // gw 10.3.0.1 (ltap3)

I am setting route as:
sudo route add default gw 10.3.0.1 dev ltap3

I am not able to ping. (ping -I ltap3 google.com)

But when I change the order, move loop3 to second position or first
position, I can ping via ltap3

nat44 add interface address BondEthernet0
set interface nat44 in loop0 out BondEthernet0   // gw addr 10.0.0.1 (ltap0)
set interface nat44 in loop3 out BondEthernet0   // gw 10.3.0.1 (ltap3)
set interface nat44 in loop1 out BondEthernet0   // gw 10.1.0.1 (ltap1)
set interface nat44 in loop2 out BondEthernet0   // gw 10.2.0.1 (ltap2)

I can only ping via whatever interfaces are set in first and second position.

Also when I have more than one set interface nat44, I see an error in the logs:
set interface nat44: add BondEthernet0 failed

when loop3 is in second position:

vpp# sh nat44 detail
NAT plugin mode: dynamic translations enabled
loop0 in
BondEthernet0 out
loop3 in
NAT44 pool addresses interfaces:
BondEthernet0
10.1.0.71
  tenant VRF independent
  0 busy udp ports
  0 busy tcp ports
  0 busy icmp ports
0 users, 1 outside addresses, 0 active sessions, 0 static mappings
Hash table in2out-ed
0 active elements
0 free lists
0 linear search buckets
0 cache hits, 0 cache misses
Hash table out2in-ed
0 active elements
0 free lists
0 linear search buckets
0 cache hits, 0 cache misses

Thanks


[vpp-dev] Bonding error -- uio_interrupt

2018-08-16 Thread carlito nueno
Hi,

I am trying to bond two Intel 82599 on Intel Atom C3000. But I am
getting uio_interrupt error and BondEthernet0 is down. Each NIC works
by itself, without bonding.

[   12.473426] irq 16: nobody cared (try booting with the "irqpoll" option)
[   12.480149] CPU: 2 PID: 0 Comm: swapper/2 Not tainted
4.15.0-20-generic #21-Ubuntu
[   12.480150] Hardware name: Default string Default string/Default
string, BIOS R0.10 12/27/2017
[   12.480152] Call Trace:
[   12.480154]  
[   12.480164]  dump_stack+0x63/0x8b
[   12.480168]  __report_bad_irq+0x35/0xc0
[   12.480170]  note_interrupt+0x24b/0x2a0
[   12.480173]  handle_irq_event_percpu+0x54/0x80
[   12.480175]  handle_irq_event+0x3b/0x60
[   12.480177]  handle_fasteoi_irq+0x75/0x130
[   12.480180]  handle_irq+0x20/0x30
[   12.480183]  do_IRQ+0x46/0xd0
[   12.480185]  common_interrupt+0x84/0x84
[   12.480186]  
[   12.480190] RIP: 0010:cpuidle_enter_state+0xa7/0x2f0
[   12.480191] RSP: 0018:bde940cc7e68 EFLAGS: 0246 ORIG_RAX:
ffda
[   12.480194] RAX: a0727fd22880 RBX: 0002e7793c59 RCX: 001f
[   12.480195] RDX: 0002e7793c59 RSI: fffd3353a7e3 RDI: 
[   12.480196] RBP: bde940cc7ea8 R08:  R09: 0001
[   12.480198] R10: bde940cc7e38 R11: 0001 R12: a0727fd2c300
[   12.480199] R13: 0001 R14: b3571c98 R15: 
[   12.480202]  ? cpuidle_enter_state+0x97/0x2f0
[   12.480204]  cpuidle_enter+0x17/0x20
[   12.480207]  call_cpuidle+0x23/0x40
[   12.480209]  do_idle+0x18c/0x1f0
[   12.480211]  cpu_startup_entry+0x73/0x80
[   12.480213]  start_secondary+0x1a6/0x200
[   12.480216]  secondary_startup_64+0xa5/0xb0
[   12.480218] handlers:
[   12.482499] [<37e500ce>] uio_interrupt [uio]
[   12.487468] [<37e500ce>] uio_interrupt [uio]
[   12.492452] [<37e500ce>] uio_interrupt [uio]
[   12.497427] Disabling IRQ #16
[  303.382435] irq 17: nobody cared (try booting with the "irqpoll" option)
[  303.389199] CPU: 0 PID: 0 Comm: swapper/0 Not tainted
4.15.0-20-generic #21-Ubuntu
[  303.389201] Hardware name: Default string Default string/Default
string, BIOS R0.10 12/27/2017
[  303.389202] Call Trace:
[  303.389204]  
[  303.389212]  dump_stack+0x63/0x8b
[  303.389216]  __report_bad_irq+0x35/0xc0
[  303.389219]  note_interrupt+0x24b/0x2a0
[  303.389221]  handle_irq_event_percpu+0x54/0x80
[  303.389223]  handle_irq_event+0x3b/0x60
[  303.389226]  handle_fasteoi_irq+0x75/0x130
[  303.389228]  handle_irq+0x20/0x30
[  303.389231]  do_IRQ+0x46/0xd0
[  303.389233]  common_interrupt+0x84/0x84
[  303.389234]  
[  303.389238] RIP: 0010:cpuidle_enter_state+0xa7/0x2f0
[  303.389240] RSP: 0018:b3403e10 EFLAGS: 0246 ORIG_RAX:
ffd6
[  303.389242] RAX: a0727fc22880 RBX: 0046a30082e4 RCX: 001f
[  303.389244] RDX: 0046a30082e4 RSI: fffd3353a7e3 RDI: 
[  303.389245] RBP: b3403e50 R08:  R09: 0001
[  303.389246] R10: b3403de0 R11: 0001 R12: a0727fc2c300
[  303.389247] R13: 0001 R14: b3571c98 R15: 
[  303.389251]  cpuidle_enter+0x17/0x20
[  303.389253]  call_cpuidle+0x23/0x40
[  303.389255]  do_idle+0x18c/0x1f0
[  303.389257]  cpu_startup_entry+0x73/0x80
[  303.389260]  rest_init+0xae/0xb0
[  303.389263]  start_kernel+0x4dc/0x4fd
[  303.389266]  x86_64_start_reservations+0x24/0x26
[  303.389267]  x86_64_start_kernel+0x74/0x77
[  303.389270]  secondary_startup_64+0xa5/0xb0
[  303.389272] handlers:
[  303.391558] [<37e500ce>] uio_interrupt [uio]

vppctl sh hardware-interface shows:

BondEthernet0                      7    down  Slave-Idx: 5 6
  Ethernet address 08:35:71:eb:70:54
  Ethernet Bonding
carrier down
flags: admin-up pmd maybe-multiseg
rx queues 1, rx desc 1024, tx queues 2, tx desc 1024
cpu socket 0

TenGigabitEthernet8/0/0            5    slave TenGigabitEthernet8/0/0
  Ethernet address 08:35:71:eb:70:54
  Intel 82599
carrier down
flags: pmd maybe-multiseg bond-slave tx-offload intel-phdr-cksum
rx queues 1, rx desc 1024, tx queues 2, tx desc 1024
cpu socket 0

TenGigabitEthernet9/0/0            6    slave TenGigabitEthernet9/0/0
  Ethernet address 08:35:71:eb:70:54
  Intel 82599
carrier down
flags: pmd maybe-multiseg bond-slave tx-offload intel-phdr-cksum
rx queues 1, rx desc 1024, tx queues 2, tx desc 1024
cpu socket 0


lspci -vvv shows:

08:00.0 Ethernet controller: Intel Corporation Ethernet Connection
X553 1GbE (rev 11)
Subsystem: Intel Corporation Ethernet Connection X553 1GbE
Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop-
ParErr+ Stepping- SERR+ FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort-
SERR- TAbort-
SERR-

Re: [vpp-dev] received signal SIGSEGV and vpp restarts continuously

2018-08-27 Thread carlito nueno
Hi Dave,

I recompiled vpp v18.10-rc0~229-g869031c5 using master on 08-23-18 and
have been running it since. I ran a few tests with various loads and
it hasn't crashed so far. So, I guess it was some kind of mistake on my
part.

I will report back if anything changes.

Thank you.
On Thu, Aug 23, 2018 at 5:36 AM Dave Barach (dbarach)  wrote:
>
> Looks like a  NULL pointer - please decode the pc. It would help if you could 
> repro the problem with a debug image and send a full backtrace.
>
> vnet[10192]: received signal SIGSEGV, PC 0x7fa62aecade3, faulting address 0x0
>
> D.
>
> -Original Message-
> From: vpp-dev@lists.fd.io  On Behalf Of carlito nueno
> Sent: Wednesday, August 22, 2018 4:07 PM
> To: vpp-dev@lists.fd.io
> Subject: [vpp-dev] received signal SIGSEGV and vpp restarts continuously
>
> Hi all,
>
> I am using vpp 18.10 master branch and have 6 tap devices: lstack[1...6]
>
> startup.conf
> unix {
> nodaemon
> log /var/log/vpp/vpp.log
> full-coredump
> cli-listen /run/vpp/cli.sock
> gid vpp
> startup-config /home/testvpp/vpp.conf
> }
>
> api-trace {
> on
> }
>
> api-segment {
> gid vpp
> }
>
> cpu {
> main-core 2
> corelist-workers 3
> }
>
> nat {
> translation hash buckets 16000
> translation hash memory 268435456
> max translations per user 128
> }
>
> dpdk {
> num-mbufs 32768
> }
>
> Error:
> Started vector packet processing engine.
> vpp[10192]: vlib_plugin_early_init:361: plugin path 
> /usr/lib/vpp_plugins:/usr/lib64/vpp_plugins
> vpp[10192]: load_one_plugin:189: Loaded plugin: abf_plugin.so (ACL based 
> Forwarding)
> vpp[10192]: load_one_plugin:189: Loaded plugin: acl_plugin.so (Access Control 
> Lists)
> vpp[10192]: load_one_plugin:189: Loaded plugin: avf_plugin.so (Intel Adaptive 
> Virtual Function (AVF) Device Plugin)
> vpp[10192]: load_one_plugin:191: Loaded plugin: cdp_plugin.so
> vpp[10192]: load_one_plugin:189: Loaded plugin: dpdk_plugin.so (Data Plane 
> Development Kit (DPDK))
> vpp[10192]: load_one_plugin:189: Loaded plugin: flowprobe_plugin.so (Flow per 
> Packet)
> vpp[10192]: load_one_plugin:189: Loaded plugin: gbp_plugin.so (Group Based 
> Policy)
> vpp[10192]: load_one_plugin:189: Loaded plugin: gtpu_plugin.so (GTPv1-U)
> vpp[10192]: load_one_plugin:189: Loaded plugin: igmp_plugin.so (IGMP 
> messaging)
> vpp[10192]: load_one_plugin:189: Loaded plugin: ila_plugin.so 
> (Identifier-locator addressing for IPv6)
> vpp[10192]: load_one_plugin:189: Loaded plugin: ioam_plugin.so (Inbound OAM)
> vpp[10192]: load_one_plugin:117: Plugin disabled (default): ixge_plugin.so
> vpp[10192]: load_one_plugin:189: Loaded plugin: l2e_plugin.so (L2 Emulation)
> vpp[10192]: load_one_plugin:189: Loaded plugin: lacp_plugin.so (Link 
> Aggregation Control Protocol)
> vpp[10192]: load_one_plugin:189: Loaded plugin: lb_plugin.so (Load Balancer)
> vpp[10192]: load_one_plugin:189: Loaded plugin: mactime_plugin.so (Time-based 
> MAC source-address filter)
> vpp[10192]: load_one_plugin:189: Loaded plugin: map_plugin.so (Mapping of 
> address and port (MAP))
> vpp[10192]: load_one_plugin:189: Loaded plugin: memif_plugin.so (Packet 
> Memory Interface (experimetal))
> vpp[10192]: load_one_plugin:189: Loaded plugin: nat_plugin.so (Network 
> Address Translation)
> vpp[10192]: load_one_plugin:189: Loaded plugin: pppoe_plugin.so (PPPoE)
> vpp[10192]: load_one_plugin:189: Loaded plugin: srv6ad_plugin.so (Dynamic 
> SRv6 proxy)
> vpp[10192]: load_one_plugin:189: Loaded plugin: srv6am_plugin.so 
> (Masquerading SRv6 proxy)
> vpp[10192]: load_one_plugin:189: Loaded plugin: srv6as_plugin.so (Static SRv6 
> proxy)
> vpp[10192]: load_one_plugin:189: Loaded plugin: stn_plugin.so (VPP Steals the 
> NIC for Container integration)
> vpp[10192]: load_one_plugin:189: Loaded plugin: tlsmbedtls_plugin.so (mbedtls 
> based TLS Engine)
> vpp[10192]: load_one_plugin:189: Loaded plugin: tlsopenssl_plugin.so (openssl 
> based TLS Engine)
> vpp[10192]: load_one_plugin:117: Plugin disabled (default): unittest_plugin.so
> vpp[10192]: /usr/bin/vpp[10192]: clib_elf_parse_file: open
> `linux-vdso.so.1': No such file or directory
> /usr/bin/vpp[10192]: clib_elf_parse_file: open `linux-vdso.so.1': No such 
> file or directory
> vpp[10192]: /usr/bin/vpp[10192]: load_one_vat_plugin:67: Loaded
> plugin: cdp_test_plugin.so
> /usr/bin/vpp[10192]: load_one_vat_plugin:67: Loaded plugin: cdp_test_plugin.so
> vpp[10192]: /usr/bin/vpp[10192]: load_one_vat_plugin:67: Loaded
> plugin: vxlan_gpe_ioam_export_test_plugin.so
> vpp[10192]: /usr/bin/vpp[10192]: load_one_vat_plugin:67: Loaded
> plugin: udp_ping_test_plugin.so
> /usr/bin/vpp[10192]: load_one_vat_plugin:67: Loaded plugin:
> vxl

[vpp-dev] received signal SIGSEGV and vpp restarts continuously

2018-08-22 Thread carlito nueno
Hi all,

I am using vpp 18.10 master branch and have 6 tap devices: lstack[1...6]

startup.conf
unix {
nodaemon
log /var/log/vpp/vpp.log
full-coredump
cli-listen /run/vpp/cli.sock
gid vpp
startup-config /home/testvpp/vpp.conf
}

api-trace {
on
}

api-segment {
gid vpp
}

cpu {
main-core 2
corelist-workers 3
}

nat {
translation hash buckets 16000
translation hash memory 268435456
max translations per user 128
}

dpdk {
num-mbufs 32768
}

Error:
Started vector packet processing engine.
vpp[10192]: vlib_plugin_early_init:361: plugin path
/usr/lib/vpp_plugins:/usr/lib64/vpp_plugins
vpp[10192]: load_one_plugin:189: Loaded plugin: abf_plugin.so (ACL
based Forwarding)
vpp[10192]: load_one_plugin:189: Loaded plugin: acl_plugin.so (Access
Control Lists)
vpp[10192]: load_one_plugin:189: Loaded plugin: avf_plugin.so (Intel
Adaptive Virtual Function (AVF) Device Plugin)
vpp[10192]: load_one_plugin:191: Loaded plugin: cdp_plugin.so
vpp[10192]: load_one_plugin:189: Loaded plugin: dpdk_plugin.so (Data
Plane Development Kit (DPDK))
vpp[10192]: load_one_plugin:189: Loaded plugin: flowprobe_plugin.so
(Flow per Packet)
vpp[10192]: load_one_plugin:189: Loaded plugin: gbp_plugin.so (Group
Based Policy)
vpp[10192]: load_one_plugin:189: Loaded plugin: gtpu_plugin.so (GTPv1-U)
vpp[10192]: load_one_plugin:189: Loaded plugin: igmp_plugin.so (IGMP messaging)
vpp[10192]: load_one_plugin:189: Loaded plugin: ila_plugin.so
(Identifier-locator addressing for IPv6)
vpp[10192]: load_one_plugin:189: Loaded plugin: ioam_plugin.so (Inbound OAM)
vpp[10192]: load_one_plugin:117: Plugin disabled (default): ixge_plugin.so
vpp[10192]: load_one_plugin:189: Loaded plugin: l2e_plugin.so (L2 Emulation)
vpp[10192]: load_one_plugin:189: Loaded plugin: lacp_plugin.so (Link
Aggregation Control Protocol)
vpp[10192]: load_one_plugin:189: Loaded plugin: lb_plugin.so (Load Balancer)
vpp[10192]: load_one_plugin:189: Loaded plugin: mactime_plugin.so
(Time-based MAC source-address filter)
vpp[10192]: load_one_plugin:189: Loaded plugin: map_plugin.so (Mapping
of address and port (MAP))
vpp[10192]: load_one_plugin:189: Loaded plugin: memif_plugin.so
(Packet Memory Interface (experimetal))
vpp[10192]: load_one_plugin:189: Loaded plugin: nat_plugin.so (Network
Address Translation)
vpp[10192]: load_one_plugin:189: Loaded plugin: pppoe_plugin.so (PPPoE)
vpp[10192]: load_one_plugin:189: Loaded plugin: srv6ad_plugin.so
(Dynamic SRv6 proxy)
vpp[10192]: load_one_plugin:189: Loaded plugin: srv6am_plugin.so
(Masquerading SRv6 proxy)
vpp[10192]: load_one_plugin:189: Loaded plugin: srv6as_plugin.so
(Static SRv6 proxy)
vpp[10192]: load_one_plugin:189: Loaded plugin: stn_plugin.so (VPP
Steals the NIC for Container integration)
vpp[10192]: load_one_plugin:189: Loaded plugin: tlsmbedtls_plugin.so
(mbedtls based TLS Engine)
vpp[10192]: load_one_plugin:189: Loaded plugin: tlsopenssl_plugin.so
(openssl based TLS Engine)
vpp[10192]: load_one_plugin:117: Plugin disabled (default): unittest_plugin.so
vpp[10192]: /usr/bin/vpp[10192]: clib_elf_parse_file: open
`linux-vdso.so.1': No such file or directory
/usr/bin/vpp[10192]: clib_elf_parse_file: open `linux-vdso.so.1': No
such file or directory
vpp[10192]: /usr/bin/vpp[10192]: load_one_vat_plugin:67: Loaded
plugin: cdp_test_plugin.so
/usr/bin/vpp[10192]: load_one_vat_plugin:67: Loaded plugin: cdp_test_plugin.so
vpp[10192]: /usr/bin/vpp[10192]: load_one_vat_plugin:67: Loaded
plugin: vxlan_gpe_ioam_export_test_plugin.so
vpp[10192]: /usr/bin/vpp[10192]: load_one_vat_plugin:67: Loaded
plugin: udp_ping_test_plugin.so
/usr/bin/vpp[10192]: load_one_vat_plugin:67: Loaded plugin:
vxlan_gpe_ioam_export_test_plugin.so
vpp[10192]: /usr/bin/vpp[10192]: load_one_vat_plugin:67: Loaded
plugin: dpdk_test_plugin.so
vpp[10192]: /usr/bin/vpp[10192]: load_one_vat_plugin:67: Loaded
plugin: memif_test_plugin.so
vpp[10192]: /usr/bin/vpp[10192]: load_one_vat_plugin:67: Loaded
plugin: nat_test_plugin.so
/usr/bin/vpp[10192]: load_one_vat_plugin:67: Loaded plugin:
udp_ping_test_plugin.so
vpp[10192]: /usr/bin/vpp[10192]: load_one_vat_plugin:67: Loaded
plugin: lacp_test_plugin.so
vpp[10192]: /usr/bin/vpp[10192]: load_one_vat_plugin:67: Loaded
plugin: mactime_test_plugin.so
vpp[10192]: /usr/bin/vpp[10192]: load_one_vat_plugin:67: Loaded
plugin: ioam_pot_test_plugin.so
/usr/bin/vpp[10192]: load_one_vat_plugin:67: Loaded plugin: dpdk_test_plugin.so
vpp[10192]: /usr/bin/vpp[10192]: load_one_vat_plugin:67: Loaded
plugin: ioam_trace_test_plugin.so
vpp[10192]: /usr/bin/vpp[10192]: load_one_vat_plugin:67: Loaded
plugin: avf_test_plugin.so
vpp[10192]: /usr/bin/vpp[10192]: load_one_vat_plugin:67: Loaded
plugin: stn_test_plugin.so
/usr/bin/vpp[10192]: load_one_vat_plugin:67: Loaded plugin: memif_test_plugin.so
vpp[10192]: /usr/bin/vpp[10192]: load_one_vat_plugin:67: Loaded
plugin: map_test_plugin.so
vpp[10192]: /usr/bin/vpp[10192]: load_one_vat_plugin:67: Loaded
plugin: lb_test_plugin.so
/usr/bin/vpp[10192]: load_one_vat_plugin:67: Loaded plugin: nat_test_plugin.so

Re: [vpp-dev] VLAN to VLAN

2018-04-20 Thread carlito nueno
index 14 dst ff:ff:ff:ff:ff:ff src 74:da:38:0d:43:59
bd_index 3
18:47:56:729556: l2-flood
  l2-flood: sw_if_index 14 dst ff:ff:ff:ff:ff:ff src 74:da:38:0d:43:59
bd_index 3
18:47:56:729557: l2-output
  l2-output: sw_if_index 15 dst ff:ff:ff:ff:ff:ff src
74:da:38:0d:43:59 data 08 00 45 00 01 38 4b 0b 00 00 40 11
18:47:56:729557: tap-2-output
  tap-2
  IP4: 74:da:38:0d:43:59 -> ff:ff:ff:ff:ff:ff
  UDP: 192.168.3.16 -> 192.168.3.255
tos 0x00, ttl 64, length 312, checksum 0xa64a
fragment id 0x4b0b
  UDP: 17500 -> 17500
length 292, checksum 0x5510
18:47:56:729581: l2-flood
  l2-flood: sw_if_index 14 dst 45:00:01:38:4b:0b src 00:00:40:11:a6:4a
bd_index 3
18:47:56:729582: ip4-input
  UDP: 192.168.3.16 -> 192.168.3.255
tos 0x00, ttl 64, length 312, checksum 0xa64a
fragment id 0x4b0b
  UDP: 17500 -> 17500
length 292, checksum 0x5510
18:47:56:729583: nat44-in2out
  NAT44_IN2OUT_FAST_PATH: sw_if_index 13, next index 3, session -1
18:47:56:729584: nat44-in2out-slowpath
  NAT44_IN2OUT_SLOW_PATH: sw_if_index 13, next index 0, session -1
18:47:56:729586: ip4-lookup
  fib 0 dpo-idx 0 flow hash: 0x
  UDP: 192.168.3.16 -> 192.168.3.255
tos 0x00, ttl 64, length 312, checksum 0xa64a
fragment id 0x4b0b
  UDP: 17500 -> 17500
length 292, checksum 0x5510
18:47:56:729587: ip4-drop
UDP: 192.168.3.16 -> 192.168.3.255
  tos 0x00, ttl 64, length 312, checksum 0xa64a
  fragment id 0x4b0b
UDP: 17500 -> 17500
  length 292, checksum 0x5510
18:47:56:729588: error-drop
  ip4-input: ip4 adjacency drop

On Thu, Apr 19, 2018 at 11:47 PM, Andrew Yourtchenko <ayour...@gmail.com> wrote:
> Hi Carlito,
>
> What does the packet trace (as per
> https://wiki.fd.io/view/VPP/How_To_Use_The_Packet_Generator_and_Packet_Tracer)
> look like and which version of VPP are you running ?
>
> --a
>
> On 20 Apr 2018, at 05:00, Carlito Nueno <carlitonu...@gmail.com> wrote:
>
> Thanks John.
>
> Routing between VLANs is working. But I can't get the ACLs quite
> right. I am trying to block all communication between device A
> (192.168.3.16) on VLAN 3 and device B (192.168.2.181) on VLAN 2.
>
> vat# acl_add_replace ipv4 deny src 192.168.3.16/32 dst 192.168.2.181/32
> vat# acl_dump
> vl_api_acl_details_t_handler:194: acl_index: 1, count: 1
>   tag {}
>   ipv4 action 0 src 192.168.3.16/32 dst 192.168.2.181/32 proto 0
> sport 0-65535 dport 0-65535 tcpflags 0 mask 0
>
> # VLAN on subinterface GigabitEthernet0/14/0.2
> vat# acl_interface_set_acl_list sw_if_index 11 input 1 output 1
>
> # VLAN on subinterface GigabitEthernet0/14/0.3
> vat# acl_interface_set_acl_list sw_if_index 14 input 1 output 1
>
> vat# acl_interface_list_dump
> vl_api_acl_interface_list_details_t_handler:153: sw_if_index: 11,
> count: 2, n_input: 1
>   input 1
>  output 1
> vl_api_acl_interface_list_details_t_handler:153: sw_if_index: 14,
> count: 2, n_input: 1
>   input 1
>  output 1
>
> I am still able to ping from 192.168.3.16 to 192.168.2.181 after above
> commands.
>
> Thanks
>
> On Thu, Apr 19, 2018 at 3:55 PM, John Lo (loj) <l...@cisco.com> wrote:
>
> One more comment - unless there are more VLAN 1 and VLAN 2 sub-interfaces
> you need to put into BDs 1 and 2, then you may just configure IP addresses
> on the sub-interfaces to route directly, as suggested by Andrew. It would be
> a lot more efficient than going through two BDs and route via BVIs.  -John
>
>
> -Original Message-
>
> From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of John Lo (loj)
>
> Sent: Thursday, April 19, 2018 4:48 PM
>
> To: carlito nueno <carlitonu...@gmail.com>; Andrew Yourtchenko
> <ayour...@gmail.com>
>
> Cc: vpp-dev@lists.fd.io
>
> Subject: Re: [vpp-dev] VLAN to VLAN
>
>
> The config looks correct and should work, assuming the following:
>
> 1. The devices connected to GigabitEthernet0/14/0.2 have IP addresses in the
> 192.168.2.1/24 subnet with default gateway set to that of the BVI IP address
> of 192.168.2.1.
>
> 2. The devices connected to GigabitEthernet0/14/0.3 have IP addresses in the
> 192.168.3.1/24 subnet with default gateway set to that of the BVI IP address
> of 192.168.3.1.
>
>
> One improvement is to put the BVI interfaces into their own VRF by setting
> loop0 and loop1 into a specific ip table to not use the global routing
> table.  For example, set the following before assigning IP address to loop0
> and loop1:
>
>   set int ip table loop0 4
>
>   set int ip table loop1 4
>
> This will make the routing between BD-VLANs 2 and 3 private and more secure.
>
>
> Regards,
>
> John
>
>
> -Original Message-
>
> From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of ca

Re: [vpp-dev] VLAN to VLAN

2018-04-19 Thread carlito nueno
Thanks John.

Routing between VLANs is working. But I can't get the ACLs quite
right. I am trying to block all communication between device A
(192.168.3.16) on VLAN 3 and device B (192.168.2.181) on VLAN 2.

vat# acl_add_replace ipv4 deny src 192.168.3.16/32 dst 192.168.2.181/32
vat# acl_dump
vl_api_acl_details_t_handler:194: acl_index: 1, count: 1
   tag {}
   ipv4 action 0 src 192.168.3.16/32 dst 192.168.2.181/32 proto 0
sport 0-65535 dport 0-65535 tcpflags 0 mask 0

# VLAN on subinterface GigabitEthernet0/14/0.2
vat# acl_interface_set_acl_list sw_if_index 11 input 1 output 1

# VLAN on subinterface GigabitEthernet0/14/0.3
vat# acl_interface_set_acl_list sw_if_index 14 input 1 output 1

vat# acl_interface_list_dump
vl_api_acl_interface_list_details_t_handler:153: sw_if_index: 11,
count: 2, n_input: 1
   input 1
  output 1
vl_api_acl_interface_list_details_t_handler:153: sw_if_index: 14,
count: 2, n_input: 1
   input 1
  output 1

I am still able to ping from 192.168.3.16 to 192.168.2.181 after above commands.

Thanks

On Thu, Apr 19, 2018 at 3:55 PM, John Lo (loj) <l...@cisco.com> wrote:
> One more comment - unless there are more VLAN 1 and VLAN 2 sub-interfaces you 
> need to put into BDs 1 and 2, then you may just configure IP addresses on the 
> sub-interfaces to route directly, as suggested by Andrew. It would be a lot 
> more efficient than going through two BDs and route via BVIs.  -John
>
> -Original Message-
> From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of John Lo (loj)
> Sent: Thursday, April 19, 2018 4:48 PM
> To: carlito nueno <carlitonu...@gmail.com>; Andrew Yourtchenko 
> <ayour...@gmail.com>
> Cc: vpp-dev@lists.fd.io
> Subject: Re: [vpp-dev] VLAN to VLAN
>
> The config looks correct and should work, assuming the following:
> 1. The devices connected to GigabitEthernet0/14/0.2 have IP addresses in the 
> 192.168.2.1/24 subnet with default gateway set to that of the BVI IP address 
> of 192.168.2.1.
> 2. The devices connected to GigabitEthernet0/14/0.3 have IP addresses in the 
> 192.168.3.1/24 subnet with default gateway set to that of the BVI IP address 
> of 192.168.3.1.
>
> One improvement is to put the BVI interfaces into their own VRF by setting 
> loop0 and loop1 into a specific ip table to not use the global routing table. 
>  For example, set the following before assigning IP address to loop0 and 
> loop1:
>   set int ip table loop0 4
>   set int ip table loop1 4
> This will make the routing between BD-VLANs 2 and 3 private and more secure.
>
> Regards,
> John
>
> -Original Message-
> From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of carlito nueno
> Sent: Thursday, April 19, 2018 4:15 PM
> To: Andrew Yourtchenko <ayour...@gmail.com>
> Cc: vpp-dev@lists.fd.io
> Subject: Re: [vpp-dev] VLAN to VLAN
>
> My current VLAN config:
>
> loopback create
> set int l2 bridge loop1 2 bvi
> set int ip address loop1 192.168.2.1/24
> set int state loop1 up
>
> create sub GigabitEthernet0/14/0 2
> set int l2 bridge GigabitEthernet0/14/0.2 2
> set int l2 tag-rewrite GigabitEthernet0/14/0.2 pop 1
> set int state GigabitEthernet0/14/0.2 up
>
>
> loopback create
> set int l2 bridge loop2 3 bvi
> set int ip address loop2 192.168.3.1/24
> set int state loop2 up
>
> create sub GigabitEthernet0/14/0 3
> set int l2 bridge GigabitEthernet0/14/0.3 3
> set int l2 tag-rewrite GigabitEthernet0/14/0.3 pop 1
> set int state GigabitEthernet0/14/0.3 up
>
>
> So this should route traffic between VLAN 2 and VLAN 3, correct?
>
> Thanks
>
> On Thu, Apr 19, 2018 at 12:52 PM, Andrew Yourtchenko <ayour...@gmail.com> 
> wrote:
>>
>> hi Carlito,
>>
>> you can configure subinterfaces with tags and assign the ip addresses
>> so the VPP does routing and then either use vnet ACLs or acl plugin to
>> restrict the traffic.
>>
>> —a
>>
>> On 19 Apr 2018, at 21:07, Dave Barach <dbar...@cisco.com> wrote:
>>
>> Begin forwarded message:
>>
>> From: Carlito Nueno <carlitonu...@gmail.com>
>> Date: April 19, 2018 at 9:03:51 AM HST
>> To: dbar...@cisco.com
>> Subject: VLAN to VLAN
>>
>> Hi Dave,
>>
>> How can I enable VLAN to VLAN communication? I want to have devices on
>> one VLAN talk to devices on another VLAN, if possible constrain the
>> devices by MAC or IP address.
>>
>> For example, only device with MAC (aa:aa:bb:80:90) or IP address
>> (192.168.2.20) on VLAN 100 can talk to devices on VLAN 200
>> (192.168.3.0/24).
>>
>> Thanks
>>
>>
>
>
>
>
> 
>


Re: [vpp-dev] VLAN to VLAN

2018-04-23 Thread carlito nueno
Any suggestions?

Thanks


[vpp-dev] enable communication between VLANs

2018-04-17 Thread carlito nueno
Hi,

- How can I enable communication between VLANs?

- If I can, is there a way I can white list devices based on MAC or IP
addresses, so that only certain devices can communicate with other
VLAN?

Thanks

-=-=-=-=-=-=-=-=-=-=-=-
Links:

You receive all messages sent to this group.

View/Reply Online (#8958): https://lists.fd.io/g/vpp-dev/message/8958
View All Messages In Topic (1): https://lists.fd.io/g/vpp-dev/topic/17542261
Mute This Topic: https://lists.fd.io/mt/17542261/21656
New Topic: https://lists.fd.io/g/vpp-dev/post

Change Your Subscription: https://lists.fd.io/g/vpp-dev/editsub/21656
Group Home: https://lists.fd.io/g/vpp-dev
Contact Group Owner: vpp-dev+ow...@lists.fd.io
Terms of Service: https://lists.fd.io/static/tos
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub
-=-=-=-=-=-=-=-=-=-=-=-



Re: [vpp-dev] VLAN to VLAN

2018-04-19 Thread carlito nueno
My current VLAN config:

loopback create
set int l2 bridge loop1 2 bvi
set int ip address loop1 192.168.2.1/24
set int state loop1 up

create sub GigabitEthernet0/14/0 2
set int l2 bridge GigabitEthernet0/14/0.2 2
set int l2 tag-rewrite GigabitEthernet0/14/0.2 pop 1
set int state GigabitEthernet0/14/0.2 up


loopback create
set int l2 bridge loop2 3 bvi
set int ip address loop2 192.168.3.1/24
set int state loop2 up

create sub GigabitEthernet0/14/0 3
set int l2 bridge GigabitEthernet0/14/0.3 3
set int l2 tag-rewrite GigabitEthernet0/14/0.3 pop 1
set int state GigabitEthernet0/14/0.3 up


So this should route traffic between VLAN 2 and VLAN 3, correct?

Thanks

On Thu, Apr 19, 2018 at 12:52 PM, Andrew Yourtchenko <ayour...@gmail.com> wrote:
>
> hi Carlito,
>
> you can configure subinterfaces with tags and assign the ip addresses so the
> VPP does routing and then either use vnet ACLs or acl plugin to restrict the
> traffic.
>
> —a
>
> On 19 Apr 2018, at 21:07, Dave Barach <dbar...@cisco.com> wrote:
>
> Begin forwarded message:
>
> From: Carlito Nueno <carlitonu...@gmail.com>
> Date: April 19, 2018 at 9:03:51 AM HST
> To: dbar...@cisco.com
> Subject: VLAN to VLAN
>
> Hi Dave,
>
> How can I enable VLAN to VLAN communication? I want to have devices on
> one VLAN talk to devices on another VLAN, if possible constrain the
> devices by MAC or IP address.
>
> For example, only device with MAC (aa:aa:bb:80:90) or IP address
> (192.168.2.20) on VLAN 100 can talk to devices on VLAN 200
> (192.168.3.0/24).
>
> Thanks
>
> 




Re: [vpp-dev] Unable to build router plugin

2018-10-17 Thread carlito nueno
Hi Hongjun,

Thanks for the patch.
I tried to compile VPPSB project with the latest master and latest VPP
stable/1810 but I am getting this error:

 Building router in /vpp/build-root/build-vpp_debug-native/router 
make[1]: Entering directory '/vpp/build-root/build-vpp_debug-native/router'
  CC   router/tap_inject.lo
  CC   router/tap_inject_netlink.lo
  CC   router/tap_inject_node.lo
  CC   router/tap_inject_tap.lo
/vpp/build-data/../router/router/tap_inject_node.c: In function
‘tap_inject_tap_send_buffer’:
/vpp/build-data/../router/router/tap_inject_node.c:45:13: error:
implicit declaration of function ‘writev’; did you mean ‘write’?
[-Werror=implicit-function-declaration]
   n_bytes = writev (fd, , 1);
 ^~
 write
/vpp/build-data/../router/router/tap_inject_node.c: In function ‘tap_rx’:
/vpp/build-data/../router/router/tap_inject_node.c:231:13: error:
implicit declaration of function ‘readv’; did you mean ‘read’?
[-Werror=implicit-function-declaration]
   n_bytes = readv (fd, iov, MTU_BUFFERS);
 ^
 read
cc1: all warnings being treated as errors
Makefile:483: recipe for target 'router/tap_inject_node.lo' failed
make[1]: *** [router/tap_inject_node.lo] Error 1
make[1]: *** Waiting for unfinished jobs
make[1]: Leaving directory '/vpp/build-root/build-vpp_debug-native/router'
Makefile:691: recipe for target 'router-build' failed
make: *** [router-build] Error 2

Thanks
On Sun, Oct 7, 2018 at 7:25 PM Ni, Hongjun  wrote:
>
> Hi guys,
>
> I have submitted a patch to fix the build issue in VPPSB project:
> https://gerrit.fd.io/r/#/c/15135/ Fix build issue due to vpp's function 
> parameters change
> I have tested it and it works well in my server.
>
> Thanks,
> Hongjun
>
> -----Original Message-----
> From: vpp-dev@lists.fd.io [mailto:vpp-dev@lists.fd.io] On Behalf Of carlito 
> nueno
> Sent: Friday, September 28, 2018 9:45 AM
> To: memarnejad...@gmail.com
> Cc: vpp-dev@lists.fd.io
> Subject: Re: [vpp-dev] Unable to build router plugin
>
> Thanks for the tip Mehran. I will take a look and report back.
> On Thu, Sep 27, 2018 at 12:16 AM Mehran Memarnejad  
> wrote:
> >
> > Hi carlito,
> >
> > I've had problems much like yours. Sometimes VPP updates its functions 
> > while vppsb is still the same, so you need to change it to make it work.
> > In my problem I just updated the vppsb's outdated function to the new one 
> > and it worked.
> > As you know, vppsb is a plugin for vpp and it calls vpp's functions,
> > so any change in vpp's function affects vppsb e.g. function signature
> > change
> >
> >
> > On Thursday, September 27, 2018, carlito nueno  
> > wrote:
> >>
> >> Hi all,
> >>
> >> I am trying to build the router-plugin:
> >> make V=0 PLATFORM=vpp TAG=vpp_debug install-deb netlink-install
> >> router-install
> >>
> >> I am using the Vagrantfile present in vpp repo and am pulling the
> >> current master (as of September 26 2018). I am also pulling the
> >> current master of vppsb.
> >>
> >> But I am getting this error:
> >>
> >>  Building router in /vpp/build-root/build-vpp_debug-native/router
> >> 
> >> make[1]: Entering directory '/vpp/build-root/build-vpp_debug-native/router'
> >>   CC   router/tap_inject.lo
> >>   CC   router/tap_inject_netlink.lo
> >> /vpp/build-data/../router/router/tap_inject_netlink.c: In function
> >> ‘add_del_neigh’:
> >> /vpp/build-data/../router/router/tap_inject_netlink.c:140:9: error:
> >> too many arguments to function ‘vnet_unset_ip6_ethernet_neighbor’
> >>  vnet_unset_ip6_ethernet_neighbor (vm, sw_if_index,
> >>  ^~~~ In file included from
> >> /vpp/build-data/../router/router/tap_inject_netlink.c:19:0:
> >> /vpp/build-root/install-vpp_debug-native/vpp/include/vnet/ip/ip6_neighbor.h:84:12:
> >> note: declared here
> >>  extern int vnet_unset_ip6_ethernet_neighbor (vlib_main_t * vm,
> >> ^~~~
> >> Makefile:483: recipe for target 'router/tap_inject_netlink.lo' failed
> >> make[1]: *** [router/tap_inject_netlink.lo] Error 1
> >> make[1]: *** Waiting for unfinished jobs
> >> make[1]: Leaving directory '/vpp/build-root/build-vpp_debug-native/router'
> >> Makefile:691: recipe for target 'router-build' failed
> >> make: *** [router-build] Error 2
> >>
> >> Any advice?
> >>
> >> Thanks


Re: [vpp-dev] difference between tap device and veth

2018-10-30 Thread carlito nueno
Got it.
Just to clarify, does tapv2 use vhost-net backend?

Is this a correct/sufficient way to use it?
create tap id 0 host-ip4-addr 10.20.2/24 host-if-name testtap

Thanks
On Sat, Oct 27, 2018 at 1:49 AM Damjan Marion  wrote:
>
>
> Tap (with vhost-net backend) is faster and it is real interface from linux 
> perspective...
>
> —
> Damjan
>
> > On 27 Oct 2018, at 03:48, carlito nueno  wrote:
> >
> > Hi all,
> >
> > Is there a performance difference between using tap device vs veth?
> > Use case: running a DNS server on the host.
> >
> > Thanks


Re: [vpp-dev] difference between tap device and veth

2018-10-30 Thread carlito nueno
Thank you!
On Tue, Oct 30, 2018 at 12:42 PM Damjan Marion  wrote:
>
>
>
> > On 30 Oct 2018, at 19:35, Carlito Nueno  wrote:
> >
> > Got it.
> > Just to clarify, does tapv2 use vhost-net backend?
>
> yes
>
> > Is this a correct/sufficient way to use it?
> > create tap id 0 host-ip4-addr 10.20.2/24 host-if-name testtap
>
> yes
>


[vpp-dev] difference between tap device and veth

2018-10-26 Thread carlito nueno
Hi all,

Is there a performance difference between using tap device vs veth?
Use case: running a DNS server on the host.

Thanks


Re: [vpp-dev] libvppapiclient.so.0 missing (govpp)

2018-09-27 Thread carlito nueno
I also tried installing vpp from https://packagecloud.io/fdio/master 
(18.10-rc0~521-g09cce66~b5292).
I am encountering same error.

Thanks


Re: [vpp-dev] Unable to build router plugin

2018-09-27 Thread carlito nueno
Thanks for the tip Mehran. I will take a look and report back.
On Thu, Sep 27, 2018 at 12:16 AM Mehran Memarnejad
 wrote:
>
> Hi carlito,
>
> I've had problems much like yours. Sometimes VPP updates its functions while 
> vppsb is still the same, so you need to change it to make it work.
> In my problem I just updated the vppsb's outdated function to the new one and 
> it worked.
> As you know, vppsb is a plugin for vpp and it calls vpp's functions, so any 
> change in vpp's function affects vppsb e.g. function signature change
>
>
> On Thursday, September 27, 2018, carlito nueno  wrote:
>>
>> Hi all,
>>
>> I am trying to build the router-plugin:
>> make V=0 PLATFORM=vpp TAG=vpp_debug install-deb netlink-install 
>> router-install
>>
>> I am using the Vagrantfile present in vpp repo and am pulling the
>> current master (as of September 26 2018). I am also pulling the
>> current master of vppsb.
>>
>> But I am getting this error:
>>
>>  Building router in /vpp/build-root/build-vpp_debug-native/router 
>> make[1]: Entering directory '/vpp/build-root/build-vpp_debug-native/router'
>>   CC   router/tap_inject.lo
>>   CC   router/tap_inject_netlink.lo
>> /vpp/build-data/../router/router/tap_inject_netlink.c: In function
>> ‘add_del_neigh’:
>> /vpp/build-data/../router/router/tap_inject_netlink.c:140:9: error:
>> too many arguments to function ‘vnet_unset_ip6_ethernet_neighbor’
>>  vnet_unset_ip6_ethernet_neighbor (vm, sw_if_index,
>>  ^~~~
>> In file included from
>> /vpp/build-data/../router/router/tap_inject_netlink.c:19:0:
>> /vpp/build-root/install-vpp_debug-native/vpp/include/vnet/ip/ip6_neighbor.h:84:12:
>> note: declared here
>>  extern int vnet_unset_ip6_ethernet_neighbor (vlib_main_t * vm,
>> ^~~~
>> Makefile:483: recipe for target 'router/tap_inject_netlink.lo' failed
>> make[1]: *** [router/tap_inject_netlink.lo] Error 1
>> make[1]: *** Waiting for unfinished jobs
>> make[1]: Leaving directory '/vpp/build-root/build-vpp_debug-native/router'
>> Makefile:691: recipe for target 'router-build' failed
>> make: *** [router-build] Error 2
>>
>> Any advice?
>>
>> Thanks


[vpp-dev] libvppapiclient.so.0 missing (govpp)

2018-09-27 Thread carlito nueno
Hi all,

I pulled the latest vpp master (as of September 27 2018) and am using
the vagrant file to build vpp. Afterwards I transferred the .deb
packages out of vagrant box and installed vpp:

sudo dpkg -i *.deb

When I try to run govpp application I am getting this error:

error while loading shared libraries: libvppapiclient.so.0: cannot
open shared object file: No such file or directory

Thanks


[vpp-dev] Unable to build router plugin

2018-09-26 Thread carlito nueno
Hi all,

I am trying to build the router-plugin:
make V=0 PLATFORM=vpp TAG=vpp_debug install-deb netlink-install router-install

I am using the Vagrantfile present in vpp repo and am pulling the
current master (as of September 26 2018). I am also pulling the
current master of vppsb.

But I am getting this error:

 Building router in /vpp/build-root/build-vpp_debug-native/router 
make[1]: Entering directory '/vpp/build-root/build-vpp_debug-native/router'
  CC   router/tap_inject.lo
  CC   router/tap_inject_netlink.lo
/vpp/build-data/../router/router/tap_inject_netlink.c: In function
‘add_del_neigh’:
/vpp/build-data/../router/router/tap_inject_netlink.c:140:9: error:
too many arguments to function ‘vnet_unset_ip6_ethernet_neighbor’
 vnet_unset_ip6_ethernet_neighbor (vm, sw_if_index,
 ^~~~
In file included from
/vpp/build-data/../router/router/tap_inject_netlink.c:19:0:
/vpp/build-root/install-vpp_debug-native/vpp/include/vnet/ip/ip6_neighbor.h:84:12:
note: declared here
 extern int vnet_unset_ip6_ethernet_neighbor (vlib_main_t * vm,
^~~~
Makefile:483: recipe for target 'router/tap_inject_netlink.lo' failed
make[1]: *** [router/tap_inject_netlink.lo] Error 1
make[1]: *** Waiting for unfinished jobs
make[1]: Leaving directory '/vpp/build-root/build-vpp_debug-native/router'
Makefile:691: recipe for target 'router-build' failed
make: *** [router-build] Error 2

Any advice?

Thanks


Re: [vpp-dev] Question regarding captive portal

2018-12-31 Thread carlito nueno
I couldn't find anything under NAT to make this work.
I tried the following:

set int state GigabitEthernet4/0/0 up
...
...
loopback create
set int l2 bridge loop4 4 bvi
set int ip address loop4 192.168.2.1/24
set int state loop4 up

create sub GigabitEthernet4/0/0 4
set int l2 bridge GigabitEthernet4/0/0.4 4
set int l2 tag-rewrite GigabitEthernet4/0/0.4 pop 1
set int state GigabitEthernet4/0/0.4 up
set punt tcp 80

create tap id 4 host-ip4-addr 192.168.2.2/24 host-if-name lguest
set int l2 bridge tap4 4
set int state tap4 up
ip punt redirect add rx GigabitEthernet4/0/0.4 via tap4

I am trying to send tcp port 80 traffic from GigabitEthernet4/0/0.4
(VLAN 4 interface) to tap-device tap4 where a server is listening.

But I am receiving this message:
vnet_punt_add_del: punt TCP/SCTP ports is not supported yet

I am using:
VPP version: v18.10-rc2~16

Thank you.

On Fri, Dec 28, 2018 at 1:52 PM carlito nueno via Lists.Fd.Io
 wrote:
>
> NAT might be the right way to achieve this.
>
> This is the command I used with iptables:
> iptables -t nat -A eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.2
>
> What is a similar command on VPP-NAT when I am trying to send port 80 traffic 
> from main interface to tap-device:
> main interface: GigabitEthernet4/0/0
> tap id: 3 (tap3) with address 192.168.1.2 and host-if-name tapcap
>
> Thanks


Re: [vpp-dev] Question regarding captive portal

2018-12-27 Thread carlito nueno
Hi all,

After more research, I found that most devices test connectivity by issuing an 
HTTP GET request, e.g. to captive.apple.com or 
connectivitycheck.gstatic.com/generate_204.
How do I catch this HTTP request and respond with a 302 redirect that redirects 
the user to the LAN IP address 192.168.1.2:80/index.html?

thanks!
Happy holidays :)
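
The redirect decision asked about above, as an added example that is not part of the original post: a listener on the portal address answers every plain-HTTP request for a foreign host name with a 302 to the portal page and serves the page itself without redirecting. The portal address and URL come from the post; `decide`, `PortalHandler`, `serve` and the page body are hypothetical, and the example assumes port 80 traffic has already been steered to this listener.

```python
"""Redirect logic for a captive-portal HTTP listener (added example).

Only plain HTTP can be answered this way. A TLS connection cannot be given a
redirect without a certificate for the requested name, so the portal relies
on the plain-HTTP connectivity probes that client devices send.
"""
from http.server import BaseHTTPRequestHandler, HTTPServer

PORTAL_HOST = "192.168.1.2"                      # portal address from the post
PORTAL_URL = "http://192.168.1.2:80/index.html"  # landing page from the post
PORTAL_PAGE = b"<html><body><h1>Network login</h1></body></html>"  # constructed


def decide(host_header, path):
    """Return (status, headers, body) for one request that reached the portal."""
    host = (host_header or "").split(":")[0].strip().lower()
    if host == PORTAL_HOST:
        # Requests addressed to the portal itself must never be redirected,
        # otherwise the client loops between 302 responses.
        if path.split("?", 1)[0] in ("/", "/index.html"):
            return 200, {"Content-Type": "text/html; charset=utf-8"}, PORTAL_PAGE
        return 404, {}, b""
    # Any other Host value (including a missing one) is a request for some
    # outside site. "no-store" keeps the browser from caching the redirect
    # under the real site's URL once access has been granted.
    return 302, {"Location": PORTAL_URL, "Cache-Control": "no-store"}, b""


class PortalHandler(BaseHTTPRequestHandler):
    """Thin wrapper that turns decide() into an HTTP response."""

    def do_GET(self):
        status, headers, body = decide(self.headers.get("Host"), self.path)
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def serve(bind_addr=PORTAL_HOST, port=80):
    """Run the portal; binding to port 80 normally needs elevated privileges."""
    HTTPServer((bind_addr, port), PortalHandler).serve_forever()


if __name__ == "__main__":
    serve()
```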


Re: [vpp-dev] Question regarding captive portal

2018-12-27 Thread carlito nueno
Hi Yu,

Option 2:
Can you help me understand how I can simulate a man in the middle? The request from 
client to gateway, which is VPP in my case. How can I use VPP to do this?

Thanks.


Re: [vpp-dev] Question regarding captive portal

2018-12-27 Thread carlito nueno
Sorry I wasn't clear:

VPP is the gateway in my case.
So when a request comes from client to VPP, how can I redirect that request 
(in VPP) to an application on the linux host?
Application is listening on a tap device on port 80.

Thanks


[vpp-dev] nat: create NAT session failed

2019-01-17 Thread carlito nueno
Hi all,

When I set nat to endpoint dependent, I am receiving this error message:
Jan 17 19:14:45 test1 vnet[32197]: nat: create NAT session failed
Jan 17 19:14:45 test1 vnet[32197]: nat: max translations per user 10.155.0.2

Here is: sh nat44 sessions
NAT44 sessions:
 thread 0 vpp_main: 0 sessions 
 thread 1 vpp_wk_0: 449 sessions 
  10.155.0.2: 256 dynamic translations, 0 static translations

Here is: startup.conf
unix {
  nodaemon
  log /var/log/vpp/vpp.log
  full-coredump
  cli-listen /run/vpp/cli.sock
  gid vpp
  startup-config /home/test1/vpp.conf
}

api-trace {
  on
}

api-segment {
  gid vpp
}

cpu {
  main-core 2
  corelist-workers 3
}

nat {
  translation hash buckets 16000
  max translations per user 256
  endpoint-dependent
}

dpdk {
  num-mbufs 32768
  uio-driver auto
}

When I disable endpoint nat, even though translations hit the max (256),
new nat sessions are being created and everything is fine.

Any advice?

Thanks


[vpp-dev] Question regarding captive portal

2018-11-29 Thread carlito nueno
Hi all,

GigabitEthernet4/0/0 = LAN interface - 192.168.1.1
Tap1 = tap interface - 192.168.1.2
Clients connected to LAN interface - 192.168.1.100 - 200

GigabitEthernet5/0/0 = WAN interface

I want to redirect any traffic (tcp or udp) from clients
(192.168.1.100 - 200) to a server running locally on the tap1
interface (192.168.1.2:80). This local server is a captive portal
server.

Example:
Client visits google.com in a browser
Instead of the browser showing google.com, it is shown 192.168.1.2:80/index.html

How do I accomplish this?

I came across ip punt redirect, but I am not familiar with it.

Thanks for the help.


Re: [vpp-dev] Simple Rate Limit and QoS #vpp

2018-12-28 Thread carlito nueno
I am looking for rate limiting (bandwidth/traffic shaping) as well.


Vakili, did you figure it out?

Thanks.
On Sat, Sep 8, 2018 at 12:16 AM  wrote:

> Simple Rate Limit and QoS
> Hi dears. Three questions please:
> 1: How can I configure an interface to let pass limited rate (Bandwidth
> management) in VPP
> 2: Can I give range of IPs to assign limit rates?
> 3: Is there any way to not restart vpp or reload interface configuration
> for any configuration? I need to save and run without restart.
>
> Thanks a lot
> Vakili


Re: [vpp-dev] Question regarding captive portal

2018-12-28 Thread carlito nueno
NAT might be the right way to achieve this.

This is the command I used with iptables:
iptables -t nat -A eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.2

What is a similar command on VPP-NAT when I am trying to send port 80 traffic 
from main interface to tap-device:
main interface: GigabitEthernet4/0/0
tap id: 3 (tap3) with address 192.168.1.2 and host-if-name tapcap

Thanks


Re: [vpp-dev] Question regarding captive portal

2019-01-04 Thread carlito nueno
Hi Matus,

Thanks for the info. But I am not able to get it working. tcp 80
packets are not reaching the http server on tap-interface.
Only way it's working is if I rewrite DNS to point all domains
requests to 192.168.2.2.
I am running nat-plugin in endpoint-dependent mode.

All tcp 80 packets from clients connected to GigabitEthernet4/0/0.4
should be sent to tap4.

Here are my configs:

startup.conf:

unix {
  nodaemon
  log /var/log/vpp/vpp.log
  full-coredump
  cli-listen /run/vpp/cli.sock
  gid vpp
  startup-config /home/test/vpp.conf
}

api-trace {
  on
}

api-segment {
  gid vpp
}

cpu {
  main-core 2
  corelist-workers 3
}

nat {
  endpoint-dependent
}

dpdk {
  num-mbufs 32768
  uio-driver auto
}

vpp.conf:

set int state GigabitEthernet2/0/0 up
...
...
set int state GigabitEthernet4/0/0 up
...
...

create loopback interface instance 4
set int l2 bridge loop4 4 bvi
set int ip address loop4 192.168.2.1/24
set int state loop4 up
create sub GigabitEthernet4/0/0 4
set int l2 bridge GigabitEthernet4/0/0.4 4
set int l2 tag-rewrite GigabitEthernet4/0/0.4 pop 1
set int state GigabitEthernet4/0/0.4 up
create tap id 4 host-ip4-addr 192.168.2.2/24 host-if-name guest
set int l2 bridge tap4 4
set int state tap4 up

set interface nat44 in tap4 out GigabitEthernet4/0/0.4
nat44 add static mapping tcp local 192.168.2.2 80 external
GigabitEthernet4/0/0.4 80 out2in-only

nat44 add interface address GigabitEthernet2/0/0
set interface nat44 in loop1 in loop2 in loop3 in loop4 out GigabitEthernet2/0/0

Thank you and Happy New Year!

On Tue, Jan 1, 2019 at 10:23 PM Matus Fabian -X (matfabia - PANTHEON
TECHNOLOGIES at Cisco)  wrote:
>
> Hi,
>
>
>
> Run NAT plugin in endpoint-dependent mode (add following to startup config 
> “nat { endpoint-dependent }”), enable NAT feature “set interface nat44 in 
> tap3 out GigabitEthernet4/0/0” and create static mapping “nat44 add static 
> mapping tcp local 192.168.1.2 80 external GigabitEthernet4/0/0 80 
> out2in-only”.
>
>
>
> Matus
>
>
>
>
>
> From: vpp-dev@lists.fd.io  On Behalf Of carlito nueno
> Sent: Friday, December 28, 2018 10:52 PM
> To: vpp-dev@lists.fd.io
> Subject: Re: [vpp-dev] Question regarding captive portal
>
>
>
> NAT might be the right way to achieve this.
>
> This is the command I used with iptables:
> iptables -t nat -A eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.2
>
> What is a similar command on VPP-NAT when I am trying to send port 80 traffic 
> from main interface to tap-device:
> main interface: GigabitEthernet4/0/0
> tap id: 3 (tap3) with address 192.168.1.2 and host-if-name tapcap
>
> Thanks


Re: [vpp-dev] received signal SIGSEGV and vpp restarts continuously

2018-09-17 Thread carlito nueno
Hi Dave,

Have been running vpp v18.10-rc0~161-g34eb5d42 for 2 weeks and 3 days
without a problem.
So, it was a mistake on my part.

Thanks
On Mon, Aug 27, 2018 at 1:22 PM Dave Barach (dbarach)  wrote:
>
> Cool... Please let us know if you run into trouble...
>
> Thanks... Dave
>
> -----Original Message-----
> From: Carlito Nueno 
> Sent: Monday, August 27, 2018 4:09 PM
> To: Dave Barach (dbarach) 
> Cc: vpp-dev@lists.fd.io
> Subject: Re: [vpp-dev] received signal SIGSEGV and vpp restarts continuously
>
> Hi Dave,
>
> I recompiled vpp v18.10-rc0~229-g869031c5 using master on 08-23-18 and have 
> been running it since. I ran a few tests with various loads and it hasn't 
> crashed so far. So, I guess it was some kind of mistake on my part.
>
> I will report back if anything changes.
>
> Thank you.
> On Thu, Aug 23, 2018 at 5:36 AM Dave Barach (dbarach)  
> wrote:
> >
> > Looks like a NULL pointer - please decode the pc. It would help if you 
> > could repro the problem with a debug image and send a full backtrace.
> >
> > vnet[10192]: received signal SIGSEGV, PC 0x7fa62aecade3, faulting
> > address 0x0
> >
> > D.
> >
> > -----Original Message-----
> > From: vpp-dev@lists.fd.io  On Behalf Of carlito
> > nueno
> > Sent: Wednesday, August 22, 2018 4:07 PM
> > To: vpp-dev@lists.fd.io
> > Subject: [vpp-dev] received signal SIGSEGV and vpp restarts
> > continuously
> >
> > Hi all,
> >
> > I am using vpp 18.10 master branch and have 6 tap devices:
> > lstack[1...6]
> >
> > startup.conf
> > unix {
> > nodaemon
> > log /var/log/vpp/vpp.log
> > full-coredump
> > cli-listen /run/vpp/cli.sock
> > gid vpp
> > startup-config /home/testvpp/vpp.conf
> > }
> >
> > api-trace {
> > on
> > }
> >
> > api-segment {
> > gid vpp
> > }
> >
> > cpu {
> > main-core 2
> > corelist-workers 3
> > }
> >
> > nat {
> > translation hash buckets 16000
> > translation hash memory 268435456
> > max translations per user 128
> > }
> >
> > dpdk {
> > num-mbufs 32768
> > }
> >
> > Error:
> > Started vector packet processing engine.
> > vpp[10192]: vlib_plugin_early_init:361: plugin path
> > /usr/lib/vpp_plugins:/usr/lib64/vpp_plugins
> > vpp[10192]: load_one_plugin:189: Loaded plugin: abf_plugin.so (ACL
> > based Forwarding)
> > vpp[10192]: load_one_plugin:189: Loaded plugin: acl_plugin.so (Access
> > Control Lists)
> > vpp[10192]: load_one_plugin:189: Loaded plugin: avf_plugin.so (Intel
> > Adaptive Virtual Function (AVF) Device Plugin)
> > vpp[10192]: load_one_plugin:191: Loaded plugin: cdp_plugin.so
> > vpp[10192]: load_one_plugin:189: Loaded plugin: dpdk_plugin.so (Data
> > Plane Development Kit (DPDK))
> > vpp[10192]: load_one_plugin:189: Loaded plugin: flowprobe_plugin.so
> > (Flow per Packet)
> > vpp[10192]: load_one_plugin:189: Loaded plugin: gbp_plugin.so (Group
> > Based Policy)
> > vpp[10192]: load_one_plugin:189: Loaded plugin: gtpu_plugin.so
> > (GTPv1-U)
> > vpp[10192]: load_one_plugin:189: Loaded plugin: igmp_plugin.so (IGMP
> > messaging)
> > vpp[10192]: load_one_plugin:189: Loaded plugin: ila_plugin.so
> > (Identifier-locator addressing for IPv6)
> > vpp[10192]: load_one_plugin:189: Loaded plugin: ioam_plugin.so
> > (Inbound OAM)
> > vpp[10192]: load_one_plugin:117: Plugin disabled (default):
> > ixge_plugin.so
> > vpp[10192]: load_one_plugin:189: Loaded plugin: l2e_plugin.so (L2
> > Emulation)
> > vpp[10192]: load_one_plugin:189: Loaded plugin: lacp_plugin.so (Link
> > Aggregation Control Protocol)
> > vpp[10192]: load_one_plugin:189: Loaded plugin: lb_plugin.so (Load
> > Balancer)
> > vpp[10192]: load_one_plugin:189: Loaded plugin: mactime_plugin.so
> > (Time-based MAC source-address filter)
> > vpp[10192]: load_one_plugin:189: Loaded plugin: map_plugin.so (Mapping
> > of address and port (MAP))
> > vpp[10192]: load_one_plugin:189: Loaded plugin: memif_plugin.so
> > (Packet Memory Interface (experimetal))
> > vpp[10192]: load_one_plugin:189: Loaded plugin: nat_plugin.so (Network
> > Address Translation)
> > vpp[10192]: load_one_plugin:189: Loaded plugin: pppoe_plugin.so
> > (PPPoE)
> > vpp[10192]: load_one_plugin:189: Loaded plugin: srv6ad_plugin.so
> > (Dynamic SRv6 proxy)
> > vpp[10192]: load_one_plugin:189: Loaded plugin: srv6am_plugin.so
> > (Masquerading SRv6 proxy)
> > vpp[10192]: load_one_plugin:189: Loaded plugin: srv6as_plugi

[vpp-dev] Help with ikev2/ipsec

2018-09-17 Thread carlito nueno
Hi all,

I am trying to setup vpn on a vpp router. Testing via MacOS, as client.
When a MacOS device connects it should join into a VLAN and receive
an ip address under subnet 10.154.3.0/24.

I am following this:
https://wiki.fd.io/view/VPP/IPSec_and_IKEv2#VPP_configuration_2

vpp.conf

set int state TenGigabitEthernet8/0/0 up
set int ip address TenGigabitEthernet8/0/0 71.22.100.124/29
ip route add 0.0.0.0/0 via 71.22.100.130
ikev2 profile add pr1
ikev2 profile set pr1 auth shared-key-mic string Vpp123
ikev2 profile set pr1 id local fqdn vpp.home
ikev2 profile set pr1 id remote fqdn roadwarrior.vpn.example.com
ikev2 profile set pr1 traffic-selector local ip-range 10.154.3.2 -
10.154.3.220 port-range 0 - 65535 protocol 0
ikev2 profile set pr1 traffic-selector remote ip-range 10.154.3.2 -
10.154.3.220 port-range 0 - 65535 protocol 0

set int state GigabitEthernet4/0/0 up

loopback create
set int l2 bridge loop2 3 bvi
set int ip address loop2 10.154.3.1/24
set int state loop2 up

create sub GigabitEthernet4/0/0 3
set int l2 bridge GigabitEthernet4/0/0.3 3
set int l2 tag-rewrite GigabitEthernet4/0/0.3 pop 1
set int state GigabitEthernet4/0/0.3 up

nat44 add interface address TenGigabitEthernet8/0/0
set interface nat44 in loop2 out TenGigabitEthernet8/0/0

macOS network settings:
server address: 71.22.100.124
remote id: vpp.home
local id: roadwarrior.vpn.example.com
Shared Secret: Vpp123

sh ikev2 sa is empty.

Thanks


Re: [vpp-dev] Help with ikev2/ipsec

2018-09-18 Thread carlito nueno
Hi Damjan,

Got it.

Any recommendation on how to implement client-to-site vpn with vpp 18.10? I
am not keen on using ikev2.

Thanks.
On Mon, Sep 17, 2018 at 11:50 PM Damjan Marion  wrote:

> Dear carlito,
>
> Native ikev2 in vpp is poc code, I would not consider it as a mature ikev2
> implementation. While it works for some use cases, I will not be surprised
> that in this case something is missing. I’m afraid you are stuck unless
> somebody volunteers to invest some time into it.
>
> —
> Damjan
>
> > On 18 Sep 2018, at 05:17, carlito nueno  wrote:
> >
> > Hi all,
> >
> > I am trying to setup vpn on a vpp router. Testing via MacOS, as client.
> > When a MacOS device connects it should join into a VLAN and receive
> > an ip address under subnet 10.154.3.0/24.
> >
> > I am following this:
> > https://wiki.fd.io/view/VPP/IPSec_and_IKEv2#VPP_configuration_2
> >
> > vpp.conf
> >
> > set int state TenGigabitEthernet8/0/0 up
> > set int ip address TenGigabitEthernet8/0/0 71.22.100.124/29
> > ip route add 0.0.0.0/0 via 71.22.100.130
> > ikev2 profile add pr1
> > ikev2 profile set pr1 auth shared-key-mic string Vpp123
> > ikev2 profile set pr1 id local fqdn vpp.home
> > ikev2 profile set pr1 id remote fqdn roadwarrior.vpn.example.com
> > ikev2 profile set pr1 traffic-selector local ip-range 10.154.3.2 - 10.154.3.220 port-range 0 - 65535 protocol 0
> > ikev2 profile set pr1 traffic-selector remote ip-range 10.154.3.2 - 10.154.3.220 port-range 0 - 65535 protocol 0
> >
> > set int state GigabitEthernet4/0/0 up
> >
> > loopback create
> > set int l2 bridge loop2 3 bvi
> > set int ip address loop2 10.154.3.1/24
> > set int state loop2 up
> >
> > create sub GigabitEthernet4/0/0 3
> > set int l2 bridge GigabitEthernet4/0/0.3 3
> > set int l2 tag-rewrite GigabitEthernet4/0/0.3 pop 1
> > set int state GigabitEthernet4/0/0.3 up
> >
> > nat44 add interface address TenGigabitEthernet8/0/0
> > set interface nat44 in loop2 out TenGigabitEthernet8/0/0
> >
> > macOS network settings:
> > server address: 71.22.100.124
> > remote id: vpp.home
> > local id: roadwarrior.vpn.example.com
> > Shared Secret: Vpp123
> >
> > sh ikev2 sa is empty.
> >
> > Thanks


Re: [vpp-dev] VPP - ixia tests failing

2019-02-28 Thread carlito nueno
Hi Benoit,

I had a similar issue without the AP. I connected:
client (ixia) --> GigabitEthernet4/0/0.3 --> vpp -->
GigabitEthernet5/0/0 (ixia)

Same problem. Ixia on GigabitEthernet5/0/0 was not receiving packets.
But traffic the other way was working fine.

Thanks

On Thu, Feb 28, 2019 at 12:49 AM Benoit Ganne (bganne)  wrote:
>
> Hi Carlito,
>
> Something looks fishy in the 1st trace (the failing one): dpdk-input 
> advertise a 60B packet length, (which should not happen, this is too small 
> for Ethernet anyway), and you can see the ip4-input reporting that the 
> advertised packet length in the IP header is 768B + incorrect checksum.
> Finally, error-drop gracefully tells you why it decided to drop it: 
> ip4-input: ip4 length > l2 length. And it is probably right.
> I would 1st check the packets you receive from the AP as they seem to be 
> truncated. That could be an AP issue or (more probable) a dpdk driver issue.
>
> Best
> Ben
>
> > -Original Message-
> > From: vpp-dev@lists.fd.io  On Behalf Of carlito nueno
> > Sent: jeudi 28 février 2019 03:44
> > To: vpp-dev@lists.fd.io
> > Subject: [vpp-dev] VPP - ixia tests failing
> >
> > Hi all,
> >
> > I got a chance to get my hands on an ixia testing box. Unfortunately I was
> > not able to test because upstream (from ethernet to client) was not
> > working:
> >
> > Not working: ixia on ethernet is not receiving packets client (ixia) -->
> > WiFi AP --> GigabitEthernet4/0/0.3 --> vpp -->
> > GigabitEthernet5/0/0 (ixia)
> >
> > The other way is working: ixia client is receiving packets
> > (ixia)GigabitEthernet5/0/0 --> vpp --> GigabitEthernet4/0/0.3 --> wifi AP
> > --> client (ixia)
> >
> > Both TCP and UDP tests failed. Packets are being dropped by VPP (error-
> > drop, null-node: blackholed packets).
> >
> > running: vpp v18.10-rc0~229-g869031c5
> >
> > ixia mac addresses:
> > client: 00:21:dd:xx:xx:xx
> > server: 00:11:dd:xx:xx:xx
> >
> > wifi access point mac address:
> > AP: a4:c5:ef:xx:xx:xx
> >
> > I don't have ACLs setup.
> >
> > Here is my vpp.conf and packet capture:
> > https://gist.github.com/ironpillow/9b1c5dd0905135ff09eba6067db179ae
> >
> > Any advice?
> >
> > Thanks


Re: [vpp-dev] VPP - ixia tests failing

2019-02-28 Thread carlito nueno
Ethernet hardware:
Ethernet controller: Intel Corporation I211 Gigabit Network Connection (rev 03)

I ran a few tests using iperf3, between:
macbook pro: 10.155.3.21 <--> connected to vpp port 10.155.3.1
Windows: 10.155.6.111 <--> connected to vpp port 10.155.6.1

Ping works from macbook to windows and vice versa.

iperf3 TCP works: iperf3 -s -B
macbook (10.155.3.21) as server <--> windows (10.155.6.111) as client
and vice versa

iperf3 tcp trace macbook server:
https://gist.github.com/ironpillow/3540616a5b32638e895023e3b3e13be8
iperf3 tcp trace windows server:
https://gist.github.com/ironpillow/2b9a421d4e6fbb2a4751727b34f8f5c8

iperf3 UDP ONLY works
windows (10.155.6.111) as server <--> macbook (10.155.3.21) as client.
iperf3 udp trace windows server:
https://gist.github.com/ironpillow/baecf1391864fba4e79a24670116db60

iperf3 UDP does NOT work
macbook (10.155.3.21) as server <---> windows (10.155.6.111) as client.

01:17:50:122097: error-drop
  nat44-in2out-reass: Maximum reassemblies exceeded

iperf3 udp trace macbook server:
https://gist.github.com/ironpillow/ae93db2224de2730ce0115d8df22c9d1

Thanks.

On Thu, Feb 28, 2019 at 10:22 AM carlito nueno via Lists.Fd.Io
 wrote:
>
> Hi Benoit,
>
> I had a similar issue without the AP. I connected:
> client (ixia) --> GigabitEthernet4/0/0.3 --> vpp -->
> GigabitEthernet5/0/0 (ixia)
>
> Same problem. Ixia on GigabitEthernet5/0/0 was not receiving packets.
> But traffic the other way was working fine.
>
> Thanks
>
> On Thu, Feb 28, 2019 at 12:49 AM Benoit Ganne (bganne)  
> wrote:
> >
> > Hi Carlito,
> >
> > Something looks fishy in the 1st trace (the failing one): dpdk-input 
> > advertise a 60B packet length, (which should not happen, this is too small 
> > for Ethernet anyway), and you can see the ip4-input reporting that the 
> > advertised packet length in the IP header is 768B + incorrect checksum.
> > Finally, error-drop gracefully tells you why it decided to drop it: 
> > ip4-input: ip4 length > l2 length. And it is probably right.
> > I would 1st check the packets you receive from the AP as they seem to be 
> > truncated. That could be an AP issue or (more probable) a dpdk driver issue.
> >
> > Best
> > Ben
> >
> > > -Original Message-
> > > From: vpp-dev@lists.fd.io  On Behalf Of carlito nueno
> > > Sent: jeudi 28 février 2019 03:44
> > > To: vpp-dev@lists.fd.io
> > > Subject: [vpp-dev] VPP - ixia tests failing
> > >
> > > Hi all,
> > >
> > > I got a chance to get my hands on an ixia testing box. Unfortunately I was
> > > not able to test because upstream (from ethernet to client) was not
> > > working:
> > >
> > > Not working: ixia on ethernet is not receiving packets client (ixia) -->
> > > WiFi AP --> GigabitEthernet4/0/0.3 --> vpp -->
> > > GigabitEthernet5/0/0 (ixia)
> > >
> > > The other way is working: ixia client is receiving packets
> > > (ixia)GigabitEthernet5/0/0 --> vpp --> GigabitEthernet4/0/0.3 --> wifi AP
> > > --> client (ixia)
> > >
> > > Both TCP and UDP tests failed. Packets are being dropped by VPP (error-
> > > drop, null-node: blackholed packets).
> > >
> > > running: vpp v18.10-rc0~229-g869031c5
> > >
> > > ixia mac addresses:
> > > client: 00:21:dd:xx:xx:xx
> > > server: 00:11:dd:xx:xx:xx
> > >
> > > wifi access point mac address:
> > > AP: a4:c5:ef:xx:xx:xx
> > >
> > > I don't have ACLs setup.
> > >
> > > Here is my vpp.conf and packet capture:
> > > https://gist.github.com/ironpillow/9b1c5dd0905135ff09eba6067db179ae
> > >
> > > Any advice?
> > >
> > > Thanks


Re: [vpp-dev] VPP - ixia tests failing

2019-03-01 Thread carlito nueno
In the above iperf3 test I only have three machines, macbook, windows and
vpp and all three connected via Ethernet.

macbook <--> vpp <--> windows

MTU on all interfaces is the default 1500

"show nat virtual reassembly" shows:
NAT IPv4 virtual fragmentation reassembly is ENABLED
 max-reassemblies 1024
 max-fragments 5
 timeout 2sec
 reassemblies:
NAT IPv6 virtual fragmentation reassembly is ENABLED
 max-reassemblies 1024
 max-fragments 5
 timeout 2sec
 reassemblies:

Thanks
On Fri, Mar 1, 2019 at 1:03 AM Benoit Ganne (bganne) 
wrote:

> Again, VPP tells you the error: on packet 20 (1st packet on
> GigabitEthernet5/0/0), you get a fragmented IPv4 packet and NAT reassembly
> drops the fragment. Check the status of the reassembly with "show nat
> virtual-reassembly" and update your conf accordingly with "nat
> virtual-reassembly".
> That said, you should not get fragmented packets in the 1st place in a
> correctly configured network. Check the MTU of all your interfaces
> (including clients, AP etc.).
>
> Best
> Ben
>
> > -Original Message-
> > From: Carlito Nueno 
> > Sent: vendredi 1 mars 2019 00:09
> > To: Carlito Nueno 
> > Cc: Benoit Ganne (bganne) ; vpp-dev@lists.fd.io
> > Subject: Re: [vpp-dev] VPP - ixia tests failing
> >
> > Ethernet hardware:
> > Ethernet controller: Intel Corporation I211 Gigabit Network Connection
> > (rev 03)
> >
> > I ran a few tests using iperf3, between:
> > macbook pro: 10.155.3.21 <--> connected to vpp port 10.155.3.1
> > Windows: 10.155.6.111 <--> connected to vpp port 10.155.6.1
> >
> > Ping works from macbook to windows and vice versa.
> >
> > iperf3 TCP works: iperf3 -s -B
> > macbook (10.155.3.21) as server <--> windows (10.155.6.111) as client and
> > vice versa
> >
> > iperf3 tcp trace macbook server:
> > https://gist.github.com/ironpillow/3540616a5b32638e895023e3b3e13be8
> > iperf3 tcp trace windows server:
> > https://gist.github.com/ironpillow/2b9a421d4e6fbb2a4751727b34f8f5c8
> >
> > iperf3 UDP ONLY works
> > windows (10.155.6.111) as server <--> macbook (10.155.3.21) as client.
> > iperf3 udp trace windows server:
> > https://gist.github.com/ironpillow/baecf1391864fba4e79a24670116db60
> >
> > iperf3 UDP does NOT work
> > macbook (10.155.3.21) as server <---> windows (10.155.6.111) as client.
> >
> > 01:17:50:122097: error-drop
> >   nat44-in2out-reass: Maximum reassemblies exceeded
> >
> > iperf3 udp trace macbook server:
> > https://gist.github.com/ironpillow/ae93db2224de2730ce0115d8df22c9d1
> >
> > Thanks.
> >
> > On Thu, Feb 28, 2019 at 10:22 AM carlito nueno via Lists.Fd.Io
> >  wrote:
> > >
> > > Hi Benoit,
> > >
> > > I had a similar issue without the AP. I connected:
> > > client (ixia) --> GigabitEthernet4/0/0.3 --> vpp -->
> > > GigabitEthernet5/0/0 (ixia)
> > >
> > > Same problem. Ixia on GigabitEthernet5/0/0 was not receiving packets.
> > > But traffic the other way was working fine.
> > >
> > > Thanks
> > >
> > > On Thu, Feb 28, 2019 at 12:49 AM Benoit Ganne (bganne) wrote:
> > > >
> > > > Hi Carlito,
> > > >
> > > > Something looks fishy in the 1st trace (the failing one): dpdk-input
> > > > advertise a 60B packet length, (which should not happen, this is too small
> > > > for Ethernet anyway), and you can see the ip4-input reporting that the
> > > > advertised packet length in the IP header is 768B + incorrect checksum.
> > > > Finally, error-drop gracefully tells you why it decided to drop it:
> > > > ip4-input: ip4 length > l2 length. And it is probably right.
> > > > I would 1st check the packets you receive from the AP as they seem to
> > > > be truncated. That could be an AP issue or (more probable) a dpdk driver
> > > > issue.
> > > >
> > > > Best
> > > > Ben
> > > >
> > > > > -Original Message-
> > > > > From: vpp-dev@lists.fd.io  On Behalf Of
> > > > > carlito nueno
> > > > > Sent: jeudi 28 février 2019 03:44
> > > > > To: vpp-dev@lists.fd.io
> > > > > Subject: [vpp-dev] VPP - ixia tests failing
> > > > >
> > > > > Hi all,
> > > > >
> > > > > I got a chance to get my hands on an ixia testing box.
> > > > > Unfortunately I was not able to test because upstream (from
> > > > > ethernet to client) was no

Re: [vpp-dev] NAT: no free reassembly slot

2019-03-04 Thread carlito nueno
Hi Ole,

Got it.

Since I wanted to test both upstream and downstream with iperf3, I was
using -R option.
Even with disabling virtual-reassembly, packets are being dropped (see below).

Switching server to 10.155.6.x  and client on 10.155.3.x works.
So, for this kind of test, do you recommend switching client and
server subnets instead of running iperf3 with -R?

here are the dropped packets:

Packet 49

00:19:41:823757: dpdk-input
  GigabitEthernet5/0/0 rx queue 0
  buffer 0x2dd18: current data 0, length 834, free-list 0, clone-count
0, totlen-nifb 0, trace 0x30
  ext-hdr-valid
  l4-cksum-computed l4-cksum-correct l2-hdr-offset 0
  PKT MBUF: port 3, nb_segs 1, pkt_len 834
buf_len 2176, data_len 834, ol_flags 0x180, data_off 128,
phys_addr 0xe8b74680
packet_type 0x11 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0
rss 0x0 fdir.hi 0x0 fdir.lo 0x0
Packet Offload Flags
  PKT_RX_IP_CKSUM_GOOD (0x0080) IP cksum of RX pkt. is valid
  PKT_RX_L4_CKSUM_GOOD (0x0100) L4 cksum of RX pkt. is valid
Packet Types
  RTE_PTYPE_L2_ETHER (0x0001) Ethernet packet
  RTE_PTYPE_L3_IPV4 (0x0010) IPv4 packet without extension headers
  IP4: c0:56:27:11:f2:ac -> de:ad:00:00:00:05
  UDP: 10.155.6.111 -> 10.155.3.201
tos 0x00, ttl 64, length 820, checksum 0x843f
fragment id 0xd06f offset 7400, flags
  UDP: 23507 -> 4311
length 43450, checksum 0x6383
00:19:41:823759: ethernet-input
  IP4: c0:56:27:11:f2:ac -> de:ad:00:00:00:05
00:19:41:823760: l2-input
  l2-input: sw_if_index 4 dst de:ad:00:00:00:05 src c0:56:27:11:f2:ac
00:19:41:823760: l2-learn
  l2-learn: sw_if_index 4 dst de:ad:00:00:00:05 src c0:56:27:11:f2:ac bd_index 5
00:19:41:823760: l2-fwd
  l2-fwd:   sw_if_index 4 dst de:ad:00:00:00:05 src c0:56:27:11:f2:ac bd_index 5
00:19:41:823761: ip4-input
  UDP: 10.155.6.111 -> 10.155.3.201
tos 0x00, ttl 64, length 820, checksum 0x843f
fragment id 0xd06f offset 7400, flags
  UDP: 23507 -> 4311
length 43450, checksum 0x6383
00:19:41:823761: nat44-in2out
  NAT44_IN2OUT_FAST_PATH: sw_if_index 19, next index 4, session -1
00:19:41:823761: nat44-in2out-reass
  NAT44_REASS: sw_if_index 19, next index 1, status translated
00:19:41:823762: error-drop
  nat44-in2out-reass: Drop fragment

Packet 50

00:19:41:824581: dpdk-input
  GigabitEthernet5/0/0 rx queue 0
  buffer 0x1b3a8: current data 0, length 1514, free-list 0,
clone-count 0, totlen-nifb 0, trace 0x31
  ext-hdr-valid
  l4-cksum-computed l4-cksum-correct l2-hdr-offset 0
  PKT MBUF: port 3, nb_segs 1, pkt_len 1514
buf_len 2176, data_len 1514, ol_flags 0x180, data_off 128,
phys_addr 0xe86cea80
packet_type 0x11 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0
rss 0x0 fdir.hi 0x0 fdir.lo 0x0
Packet Offload Flags
  PKT_RX_IP_CKSUM_GOOD (0x0080) IP cksum of RX pkt. is valid
  PKT_RX_L4_CKSUM_GOOD (0x0100) L4 cksum of RX pkt. is valid
Packet Types
  RTE_PTYPE_L2_ETHER (0x0001) Ethernet packet
  RTE_PTYPE_L3_IPV4 (0x0010) IPv4 packet without extension headers
  IP4: c0:56:27:11:f2:ac -> de:ad:00:00:00:05
  UDP: 10.155.6.111 -> 10.155.3.201
tos 0x00, ttl 64, length 1500, checksum 0x8700
fragment id 0xaea3, flags MORE_FRAGMENTS
  UDP: 5201 -> 47346
length 8200, checksum 0x5570
00:19:41:824582: ethernet-input
  IP4: c0:56:27:11:f2:ac -> de:ad:00:00:00:05
00:19:41:824583: l2-input
  l2-input: sw_if_index 4 dst de:ad:00:00:00:05 src c0:56:27:11:f2:ac
00:19:41:824583: l2-learn
  l2-learn: sw_if_index 4 dst de:ad:00:00:00:05 src c0:56:27:11:f2:ac bd_index 5
00:19:41:824584: l2-fwd
  l2-fwd:   sw_if_index 4 dst de:ad:00:00:00:05 src c0:56:27:11:f2:ac bd_index 5
00:19:41:824584: ip4-input
  UDP: 10.155.6.111 -> 10.155.3.201
tos 0x00, ttl 64, length 1500, checksum 0x8700
fragment id 0xaea3, flags MORE_FRAGMENTS
  UDP: 5201 -> 47346
length 8200, checksum 0x5570
00:19:41:824584: nat44-in2out
  NAT44_IN2OUT_FAST_PATH: sw_if_index 19, next index 4, session -1
00:19:41:824585: nat44-in2out-reass
  NAT44_REASS: sw_if_index 19, next index 1, status translated
00:19:41:824585: error-drop
  nat44-in2out-reass: Drop fragment

Thanks

On Sun, Mar 3, 2019 at 11:35 PM Ole Troan  wrote:
>
> Hi Carlito,
>
> Seems like you are sending IP fragments.
> Those need to be (virtually) reassembled before NATted. Reassembly is to a 
> large extent an attack vector, and it’s rate limited.
>
> cheers,
> Ole
>
> > On 3 Mar 2019, at 22:46, carlito nueno  wrote:
> >
> > Hi all,
> >
> > While running more iperf3 udp tests, I noticed vpp status showing this:
> >
> > My current vpp conf:
> > https://gist.github.com/ironpillow/4b119b57e21b31a7ff6985bcb20f952b
> >
> > Setup to reproduce:
> > 1. iperf3 server on 10.155.3.2 (iperf3 -s -B 10.155.3.2)
> > 2. iperf3 client on 10.155.6.2 but with -R flag (iperf3 -B 1

Re: [vpp-dev] NAT: no free reassembly slot

2019-03-04 Thread carlito nueno
aders
> >  IP4: c0:56:27:11:f2:ac -> de:ad:00:00:00:05
> >  UDP: 10.155.6.111 -> 10.155.3.201
> >tos 0x00, ttl 64, length 1500, checksum 0x8700
> >fragment id 0xaea3, flags MORE_FRAGMENTS
> >  UDP: 5201 -> 47346
> >length 8200, checksum 0x5570
> > 00:19:41:824582: ethernet-input
> >  IP4: c0:56:27:11:f2:ac -> de:ad:00:00:00:05
> > 00:19:41:824583: l2-input
> >  l2-input: sw_if_index 4 dst de:ad:00:00:00:05 src c0:56:27:11:f2:ac
> > 00:19:41:824583: l2-learn
> >  l2-learn: sw_if_index 4 dst de:ad:00:00:00:05 src c0:56:27:11:f2:ac 
> > bd_index 5
> > 00:19:41:824584: l2-fwd
> >  l2-fwd:   sw_if_index 4 dst de:ad:00:00:00:05 src c0:56:27:11:f2:ac 
> > bd_index 5
> > 00:19:41:824584: ip4-input
> >  UDP: 10.155.6.111 -> 10.155.3.201
> >tos 0x00, ttl 64, length 1500, checksum 0x8700
> >fragment id 0xaea3, flags MORE_FRAGMENTS
> >  UDP: 5201 -> 47346
> >length 8200, checksum 0x5570
> > 00:19:41:824584: nat44-in2out
> >  NAT44_IN2OUT_FAST_PATH: sw_if_index 19, next index 4, session -1
> > 00:19:41:824585: nat44-in2out-reass
> >  NAT44_REASS: sw_if_index 19, next index 1, status translated
> > 00:19:41:824585: error-drop
> >  nat44-in2out-reass: Drop fragment
> >
> > Thanks
> >
> > On Sun, Mar 3, 2019 at 11:35 PM Ole Troan  wrote:
> >>
> >> Hi Carlito,
> >>
> >> Seems like you are sending IP fragments.
> >> Those need to be (virtually) reassembled before NATted. Reassembly is to a 
> >> large extent an attack vector, and it’s rate limited.
> >>
> >> cheers,
> >> Ole
> >>
> >>> On 3 Mar 2019, at 22:46, carlito nueno  wrote:
> >>>
> >>> Hi all,
> >>>
> >>> While running more iperf3 udp tests, I noticed vpp status showing this:
> >>>
> >>> My current vpp conf:
> >>> https://gist.github.com/ironpillow/4b119b57e21b31a7ff6985bcb20f952b
> >>>
> >>> Setup to reproduce:
> >>> 1. iperf3 server on 10.155.3.2 (iperf3 -s -B 10.155.3.2)
> >>> 2. iperf3 client on 10.155.6.2 but with -R flag (iperf3 -B 10.155.6.2
> >>> -c 10.155.3.2 -u -b0 -R)
> >>>
> >>> So basically, server on one subnet and client on another subnet and
> >>> run it with -R flag
> >>>
> >>> vpp.service - vector packet processing engine
> >>>  Loaded: loaded (/lib/systemd/system/vpp.service; enabled; vendor
> >>> preset: enabled)
> >>>  Active: active (running) since Fri 2019-03-01 17:09:24 PST; 18min ago
> >>> Process: 32079 ExecStopPost=/bin/rm -f /dev/shm/db
> >>> /dev/shm/global_vm /dev/shm/vpe-api (code=exited, status=0/SUCCESS)
> >>> Process: 32093 ExecStartPre=/sbin/modprobe uio_pci_generic
> >>> (code=exited, status=0/SUCCESS)
> >>> Process: 32087 ExecStartPre=/bin/rm -f /dev/shm/db
> >>> /dev/shm/global_vm /dev/shm/vpe-api (code=exited, status=0/SUCCESS)
> >>> Main PID: 32095 (vpp_main)
> >>>   Tasks: 10 (limit: 4915)
> >>>  CGroup: /system.slice/vpp.service
> >>>  └─32095 /usr/bin/vpp -c /etc/vpp/startup.conf
> >>>
> >>> Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
> >>> Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
> >>> Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
> >>> Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
> >>> Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
> >>> Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
> >>> Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
> >>> Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
> >>> Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
> >>> Mar 01 17:20:17 test1 vnet[32095]: nat: --- message(s) throttled ---
> >>>
> >>> Thanks
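Added example (not part of the original thread and not VPP code): a small Python script that reads the `show nat virtual reassembly` output and the two dropped-fragment trace entries posted in this thread, and works out how large the original UDP datagrams were, how many fragments each needs at the 1500-byte MTU mentioned in the thread, and how that compares with the configured limits. The slot budget assumes a reassembly context stays occupied for the full timeout; the page does not describe how VPP enforces these limits internally, and the function names are hypothetical.

```python
import math
import re
from collections import defaultdict

# IPv4 part of "show nat virtual reassembly" as posted in the thread.
SHOW_REASS = """\
NAT IPv4 virtual fragmentation reassembly is ENABLED
 max-reassemblies 1024
 max-fragments 5
 timeout 2sec
"""

# ip4-input sections of Packet 49 and Packet 50 from the thread's trace.
TRACE = """\
00:19:41:823761: ip4-input
  UDP: 10.155.6.111 -> 10.155.3.201
    tos 0x00, ttl 64, length 820, checksum 0x843f
    fragment id 0xd06f offset 7400, flags
  UDP: 23507 -> 4311
    length 43450, checksum 0x6383
00:19:41:824584: ip4-input
  UDP: 10.155.6.111 -> 10.155.3.201
    tos 0x00, ttl 64, length 1500, checksum 0x8700
    fragment id 0xaea3, flags MORE_FRAGMENTS
  UDP: 5201 -> 47346
    length 8200, checksum 0x5570
"""

IP_HEADER = 20  # assumption: IPv4 header without options

IP4_RE = re.compile(
    r"UDP: (?P<src>[\d.]+) -> (?P<dst>[\d.]+)\s+"
    r"tos \S+ ttl \d+, length (?P<iplen>\d+), checksum \S+\s+"
    r"fragment id (?P<id>0x[0-9a-f]+)(?: offset (?P<off>\d+))?, flags ?(?P<flags>[A-Z_]*)\s+"
    r"UDP: \d+ -> \d+\s+length (?P<udplen>\d+)"
)


def parse_limits(text):
    """Return the first (IPv4) set of limits from the show output."""
    keys = ("max-reassemblies", "max-fragments", "timeout")
    return {k: int(re.search(re.escape(k) + r" (\d+)", text).group(1)) for k in keys}


def parse_fragments(trace):
    """Group traced UDP fragments by (src, dst, fragment id), keyed by byte offset."""
    datagrams = defaultdict(dict)
    for m in IP4_RE.finditer(trace):
        off = int(m["off"] or 0)
        more = "MORE_FRAGMENTS" in m["flags"]
        if off == 0 and not more:
            continue  # whole datagram, not a fragment
        datagrams[(m["src"], m["dst"], m["id"])][off] = {
            "payload": int(m["iplen"]) - IP_HEADER,
            "more": more,
            # Only the first fragment carries the real UDP header. In later
            # fragments the trace decodes payload bytes as ports and length,
            # which is why Packet 49 shows "length 43450".
            "udp_len": int(m["udplen"]) if off == 0 else None,
        }
    return datagrams


def datagram_size(frags):
    """L4 bytes of the original datagram, or None if the trace cannot tell."""
    if 0 in frags:
        return frags[0]["udp_len"]            # UDP length covers header + data
    for off, frag in frags.items():
        if not frag["more"]:
            return off + frag["payload"]      # the last fragment ends the datagram
    return None


def assess(trace, show_output, mtu=1500):
    """Per fragment id: datagram size, fragments needed, and the max-fragments check."""
    limits = parse_limits(show_output)
    per_frag = (mtu - IP_HEADER) // 8 * 8     # fragment payloads are multiples of 8
    report = {}
    for (_, _, frag_id), frags in parse_fragments(trace).items():
        size = datagram_size(frags)
        needed = math.ceil(size / per_frag) if size else None
        report[frag_id] = {
            "l4_bytes": size,
            "fragments": needed,
            "within_max_fragments": needed is not None and needed <= limits["max-fragments"],
        }
    return limits, report


def slot_budget(limits, l4_bytes):
    """Datagrams/s and Mbit/s that fit if every context lives for the whole timeout."""
    rate = limits["max-reassemblies"] / limits["timeout"]
    return rate, rate * l4_bytes * 8 / 1e6


if __name__ == "__main__":
    limits, report = assess(TRACE, SHOW_REASS)
    for frag_id, row in report.items():
        print(frag_id, row)
    print("budget for 8200-byte datagrams:", slot_budget(limits, 8200))
```

Keeping the UDP payload at or below MTU - 28 bytes (1472 for a 1500-byte MTU) means no fragments reach the NAT at all, which is the condition Benoit's MTU advice aims for.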


[vpp-dev] NAT: no free reassembly slot

2019-03-03 Thread carlito nueno
Hi all,

While running more iperf3 udp tests, I noticed vpp status showing this:

My current vpp conf:
https://gist.github.com/ironpillow/4b119b57e21b31a7ff6985bcb20f952b

Setup to reproduce:
1. iperf3 server on 10.155.3.2 (iperf3 -s -B 10.155.3.2)
2. iperf3 client on 10.155.6.2 but with -R flag (iperf3 -B 10.155.6.2
-c 10.155.3.2 -u -b0 -R)

So basically, server on one subnet and client on another subnet and
run it with -R flag

vpp.service - vector packet processing engine
   Loaded: loaded (/lib/systemd/system/vpp.service; enabled; vendor
preset: enabled)
   Active: active (running) since Fri 2019-03-01 17:09:24 PST; 18min ago
  Process: 32079 ExecStopPost=/bin/rm -f /dev/shm/db
/dev/shm/global_vm /dev/shm/vpe-api (code=exited, status=0/SUCCESS)
  Process: 32093 ExecStartPre=/sbin/modprobe uio_pci_generic
(code=exited, status=0/SUCCESS)
  Process: 32087 ExecStartPre=/bin/rm -f /dev/shm/db
/dev/shm/global_vm /dev/shm/vpe-api (code=exited, status=0/SUCCESS)
 Main PID: 32095 (vpp_main)
Tasks: 10 (limit: 4915)
   CGroup: /system.slice/vpp.service
   └─32095 /usr/bin/vpp -c /etc/vpp/startup.conf

Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
Mar 01 17:20:17 test1 vnet[32095]: nat: no free resassembly slot
Mar 01 17:20:17 test1 vnet[32095]: nat: --- message(s) throttled ---

Thanks


Re: [vpp-dev] nat: create NAT session failed

2019-03-03 Thread carlito nueno
Hi Matus,

Thank you. That makes sense.

On Thu, Jan 17, 2019 at 10:59 PM Matus Fabian -X (matfabia - PANTHEON
TECHNOLOGIES at Cisco)  wrote:
>
> Hi,
>
>
>
> For endpoint dependent NAT oldest session per user is recycled only when 
> expired (classic/vanilla NAT recycle always).
>
>
>
> Matus
>
>
>
>
>
> From: vpp-dev@lists.fd.io  On Behalf Of carlito nueno
> Sent: Friday, January 18, 2019 7:45 AM
> To: vpp-dev@lists.fd.io
> Subject: [vpp-dev] nat: create NAT session failed
>
>
>
> Hi all,
>
>
>
> When I set nat to endpoint dependent, I am receiving this error message:
>
> Jan 17 19:14:45 test1 vnet[32197]: nat: create NAT session failed
>
> Jan 17 19:14:45 test1 vnet[32197]: nat: max translations per user 10.155.0.2
>
>
>
> Here is: sh nat44 sessions
>
> NAT44 sessions:
>  thread 0 vpp_main: 0 sessions 
>  thread 1 vpp_wk_0: 449 sessions 
>   10.155.0.2: 256 dynamic translations, 0 static translations
>
>
>
> Here is: startup.conf
>
> unix {
>   nodaemon
>   log /var/log/vpp/vpp.log
>   full-coredump
>   cli-listen /run/vpp/cli.sock
>   gid vpp
>   startup-config /home/test1/vpp.conf
> }
>
> api-trace {
>   on
> }
>
> api-segment {
>   gid vpp
> }
>
> cpu {
>   main-core 2
>   corelist-workers 3
> }
>
> nat {
>   translation hash buckets 16000
>   max translations per user 256
>   endpoint-dependent
> }
>
> dpdk {
>   num-mbufs 32768
>   uio-driver auto
> }
>
>
>
> When I disable endpoint nat, even though translations hit the max (256), new 
> nat sessions are being created and everything is fine.
>
>
>
> Any advice?
>
>
>
> Thanks


[vpp-dev] VPP - ixia tests failing

2019-02-27 Thread carlito nueno
Hi all,

I got a chance to get my hands on an ixia testing box. Unfortunately I
was not able to test because upstream (from ethernet to client) was
not working:

Not working: ixia on ethernet is not receiving packets
client (ixia) --> WiFi AP --> GigabitEthernet4/0/0.3 --> vpp -->
GigabitEthernet5/0/0 (ixia)

The other way is working: ixia client is receiving packets
(ixia)GigabitEthernet5/0/0 --> vpp --> GigabitEthernet4/0/0.3 --> wifi
AP  --> client (ixia)

Both TCP and UDP tests failed. Packets are being dropped by VPP
(error-drop, null-node: blackholed packets).

running: vpp v18.10-rc0~229-g869031c5

ixia mac addresses:
client: 00:21:dd:xx:xx:xx
server: 00:11:dd:xx:xx:xx

wifi access point mac address:
AP: a4:c5:ef:xx:xx:xx

I don't have ACLs setup.

Here is my vpp.conf and packet capture:
https://gist.github.com/ironpillow/9b1c5dd0905135ff09eba6067db179ae

Any advice?

Thanks


Re: [vpp-dev] NAT44 and rate limiting

2019-04-18 Thread carlito nueno
I used John's exact setup.

I added policer to loop5 and lan0

configure policer name policy2 type 1r2c cir 500 cb 5000 rate kbps conform-action transmit exceed-action drop
classify table mask l3 ip4 src
classify session policer-hit-next policy2 table-index 0 match l3 ip4 src 10.8.200.2
set policer classify interface loop5 ip4-table 0
set policer classify interface lan0 ip4-table 20

sh int loop5 features
loop5
ip4-unicast:
  nat44-in2out
  ip4-policer-classify

sh int lan0 features
lan0
ip4-unicast:
  ip4-not-enabled
  ip4-policer-classify

"sh classify tables verbose" shows table has been added.
"show classify policer type ip4" shows table has been added to loop5 and lan0.

As you can see below it's
ethernet-input
l2-input
l2-learn
l2-fwd
ip4-input
nat44-in2out
ip4-lookup

ip4-policer-classify is not present after nat44-in2out.

Packet 1

1:23:06:454709: dpdk-input
  lan0 rx queue 0
  buffer 0xb3cf: current data 0, length 60, free-list 0, clone-count
0, totlen-nifb 0, trace 0x2
 ext-hdr-valid
 l4-cksum-computed l4-cksum-correct
  PKT MBUF: port 3, nb_segs 1, pkt_len 60
buf_len 2176, data_len 60, ol_flags 0x180, data_off 128, phys_addr
0xe96cf440
packet_type 0x111 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0
rss 0x0 fdir.hi 0x0 fdir.lo 0x0
Packet Offload Flags
  PKT_RX_IP_CKSUM_GOOD (0x0080) IP cksum of RX pkt. is valid
  PKT_RX_L4_CKSUM_GOOD (0x0100) L4 cksum of RX pkt. is valid
Packet Types
  RTE_PTYPE_L2_ETHER (0x0001) Ethernet packet
  RTE_PTYPE_L3_IPV4 (0x0010) IPv4 packet without extension headers
  RTE_PTYPE_L4_TCP (0x0100) TCP packet
  IP4: ac:2e:33:1f:cc:3e -> ee:af:33:00:00:11
  TCP: 10.155.6.109 -> 10.8.200.1
tos 0x00, ttl 128, length 40, checksum 0x3811
fragment id 0xdfad, flags DONT_FRAGMENT
  TCP: 49727 -> 5201
seq. 0x34aa7da4 ack 0x4578b6ae
flags 0x10 ACK, tcp header: 20 bytes
window 53248, checksum 0x77bc
01:23:06:454710: ethernet-input
  frame: flags 0x3, hw-if-index 4, sw-if-index 4
  IP4: ac:2e:33:1f:cc:3e -> ee:af:33:00:00:11
01:23:06:454711: l2-input
  l2-input: sw_if_index 4 dst ee:af:33:00:00:11 src ac:2e:33:1f:cc:3e
01:23:06:454712: l2-learn
  l2-learn: sw_if_index 4 dst ee:af:33:00:00:11 src ac:2e:33:1f:cc:3e bd_index 1
01:23:06:454712: l2-fwd
  l2-fwd:   sw_if_index 4 dst ee:af:33:00:00:11 src ac:2e:33:1f:cc:3e
bd_index 1 result [0x70007, 7] static age-not bvi
01:23:06:454713: ip4-input
  TCP: 10.155.6.109 -> 10.8.200.1
tos 0x00, ttl 128, length 40, checksum 0x3811
fragment id 0xdfad, flags DONT_FRAGMENT
  TCP: 49727 -> 5201
seq. 0x34aa7da4 ack 0x4578b6ae
flags 0x10 ACK, tcp header: 20 bytes
window 53248, checksum 0x77bc
01:23:06:454713: nat44-in2out
  NAT44_IN2OUT_FAST_PATH: sw_if_index 7, next index 0, session 22
01:23:06:454714: ip4-lookup
  fib 0 dpo-idx 1 flow hash: 0x
  TCP: 10.8.200.2 -> 10.8.200.1
tos 0x00, ttl 128, length 40, checksum 0x770e
fragment id 0xdfad, flags DONT_FRAGMENT
  TCP: 26849 -> 5201
seq. 0x34aa7da4 ack 0x4578b6ae
flags 0x10 ACK, tcp header: 20 bytes
window 53248, checksum 0x1018
01:23:06:454715: ip4-rewrite
  tx_sw_if_index 6 dpo-idx 1 : ipv4 via 10.8.200.1 wan0: mtu:9000
a0369f9be2e2083571eb70550800 flow hash: 0x
  : a0369f9be2e2083571eb705508004528dfad40007f06780e0a08c8020a08
  0020: c80168e1145134aa7da44578b6ae5010d0001018
01:23:06:454716: wan0-output
  wan0
  IP4: a2:12:53:ac:bf:3b -> 2b:dd:3e:22:ae:2e
  TCP: 10.8.200.2 -> 10.8.200.1
tos 0x00, ttl 127, length 40, checksum 0x780e
fragment id 0xdfad, flags DONT_FRAGMENT
  TCP: 26849 -> 5201
seq. 0x34aa7da4 ack 0x4578b6ae
flags 0x10 ACK, tcp header: 20 bytes
window 53248, checksum 0x1018
01:23:06:454716: wan0-tx
  wan0 tx queue 1
  buffer 0xb3cf: current data 0, length 60, free-list 0, clone-count
0, totlen-nifb 0, trace 0x2
 ext-hdr-valid
 l4-cksum-computed l4-cksum-correct natted
l2-hdr-offset 0 l3-hdr-offset 14
  PKT MBUF: port 3, nb_segs 1, pkt_len 60
buf_len 2176, data_len 60, ol_flags 0x180, data_off 128, phys_addr
0xe96cf440
packet_type 0x111 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0
rss 0x0 fdir.hi 0x0 fdir.lo 0x0
Packet Offload Flags
  PKT_RX_IP_CKSUM_GOOD (0x0080) IP cksum of RX pkt. is valid
  PKT_RX_L4_CKSUM_GOOD (0x0100) L4 cksum of RX pkt. is valid
Packet Types
  RTE_PTYPE_L2_ETHER (0x0001) Ethernet packet
  RTE_PTYPE_L3_IPV4 (0x0010) IPv4 packet without extension headers
  RTE_PTYPE_L4_TCP (0x0100) TCP packet
  IP4: a2:12:53:ac:bf:3b -> 2b:dd:3e:22:ae:2e
  TCP: 10.8.200.2 -> 10.8.200.1
tos 0x00, ttl 127, length 40, checksum 0x780e
fragment id 0xdfad, flags DONT_FRAGMENT
  TCP: 26849 -> 5201
seq. 0x34aa7da4 ack 0x4578b6ae
flags 0x10 ACK, tcp header: 20 bytes
window 53248, checksum 0x1018

Cheers

On Thu, Apr 18, 2019 at 9:

Re: [vpp-dev] NAT44 and rate limiting

2019-04-18 Thread carlito nueno
John,

from your packet trace:

00:01:47:426336: ip4-input-no-checksum
  TCP: 10.8.200.1 -> 10.8.200.2
tos 0x00, ttl 64, length 52, checksum 0x96b0
fragment id 0x, flags DONT_FRAGMENT
  TCP: 80 -> 18995
seq. 0x732f1a24 ack 0x702b5a27
flags 0x12 SYN ACK, tcp header: 32 bytes
window 29200, checksum 0xb6b3
00:01:47:426337: nat44-out2in
  NAT44_OUT2IN: sw_if_index 6, next index 1, session index 1

You can't use src 10.8.200.2 because packets entering wan0 are out to
in (hence nat44_out2in) and will have a src of 10.8.200.1.
Packets before nat44_out2in will have dst of 10.8.200.2.
Hence your policer session will not work.

from your packet trace:

00:01:47:426338: loop5-output
  loop5
  IP4: de:ad:00:00:00:05 -> c0:56:27:90:3f:fc
  TCP: 10.8.200.1 -> 10.155.6.109
tos 0x00, ttl 63, length 52, checksum 0x58b3
fragment id 0x, flags DONT_FRAGMENT
  TCP: 80 -> 50051

Again, l2 src 08:25:a1:cb:40:55 won't work because packets after NAT
are leaving out of loop5 with src de:ad:00:00:00:05.

My hunch is this might work:
classify session policer-hit-next policy1 table-index 1 match l2 src de:ad:00:00:00:05
set policer classify interface loop5 l2-table 1

Hope this helps.

On Tue, Apr 16, 2019 at 8:28 PM John Pearson  wrote:
>
> Hi all,
>
> I am using NAT44 and am trying to limit upload and download bandwidth 
> separately on wan0.
>
> setup:
> file server <--> [wan0] VPP [loop5] <--> client
>
> Info:
> file server
> ip address: 10.8.200.1
> mac: a0:36:9f:9b:e2:e2
>
> wan0
> ip addr: 10.8.200.2
> gateway: 10.8.200.1
> mac: 08:25:a1:cb:40:55
>
> loop5
> ip addr: 10.155.6.1
> mac: de:ad:00:00:00:05
>
> client
> ip addr: 10.155.6.109
> mac: c0:56:27:90:3f:fc
>
> vpp.conf
>
> set int state wan0 up
> set int ip address wan0 10.8.200.2/24
> ip route add 0.0.0.0/0 via 10.8.200.1
>
> set int state lan0 up
>
> create loopback interface instance 5
> set int l2 bridge loop5 5 bvi
> set int ip address loop5 10.155.6.1/24
> set int state loop5 up
> set int l2 bridge lan0 5
>
> nat44 add interface address wan0
> set interface nat44 in loop5 out wan0
>
> Packet trace of 2 packets: https://pastebin.com/PZLMpG1i
>
> What I tried:
>
> configure policer name policy1 type 1r2c cir 500 cb 5000 rate kbps conform-action transmit exceed-action drop
> classify table mask l3 ip4 src
> classify session policer-hit-next policy1 table-index 0 match l3 ip4 src 10.8.200.2
> set policer classify interface wan0 ip4-table 0
>
> -
>
> configure policer name policy1 type 1r2c cir 500 cb 5000 rate kbps conform-action transmit exceed-action drop
> classify table mask l2 src
> classify session policer-hit-next policy1 table-index 1 match l2 src 08:25:a1:cb:40:55
> set policer classify interface wan0 l2-table 0
>
> Please let me know where I am making a mistake.
>
> Thanks!
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#12820): https://lists.fd.io/g/vpp-dev/message/12820
Mute This Topic: https://lists.fd.io/mt/31208381/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
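
The point made in the reply above (which addresses a packet carries depends on where in the graph you look, before or after NAT44) can be checked mechanically against trace text. The following is an added example, not code from the thread or from the VPP project: a small Python parser that records the L2/L3 addresses seen at each graph node and where they are rewritten. `SAMPLE_TRACE` is abridged from trace lines posted in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample: abridged from trace lines posted in this thread
# (packet 1 = server -> client, packet 2 = client -> server).
SAMPLE_TRACE = """\
Packet 1

00:01:47:426336: ip4-input-no-checksum
  TCP: 10.8.200.1 -> 10.8.200.2
    tos 0x00, ttl 64, length 52, checksum 0x96b0
  TCP: 80 -> 18995
00:01:47:426337: nat44-out2in
  NAT44_OUT2IN: sw_if_index 6, next index 1, session index 1
00:01:47:426338: loop5-output
  loop5
  IP4: de:ad:00:00:00:05 -> c0:56:27:90:3f:fc
  TCP: 10.8.200.1 -> 10.155.6.109
  TCP: 80 -> 50051

Packet 2

01:23:06:454713: ip4-input
  TCP: 10.155.6.109 -> 10.8.200.1
  TCP: 49727 -> 5201
01:23:06:454713: nat44-in2out
  NAT44_IN2OUT_FAST_PATH: sw_if_index 7, next index 0, session 22
01:23:06:454714: ip4-lookup
  TCP: 10.8.200.2 -> 10.8.200.1
  TCP: 26849 -> 5201
01:23:06:454716: wan0-output
  wan0
  IP4: a2:12:53:ac:bf:3b -> 2b:dd:3e:22:ae:2e
  TCP: 10.8.200.2 -> 10.8.200.1
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
IP4 = r"\d{1,3}(?:\.\d{1,3}){3}"
PACKET_RE = re.compile(r"^\s*Packet \d+\s*$")
# Node header: hh:mm:ss:usec followed by the graph node name.
NODE_RE = re.compile(r"^\s*(\d{2}:\d{2}:\d{2}:\d{6}): (\S+)\s*$")
L2_RE = re.compile(rf"^\s*IP4: ({MAC}) -> ({MAC})")
# The L4 line ("TCP: 80 -> 18995") has no dotted quads, so it does not match.
L3_RE = re.compile(rf"^\s*(?:TCP|UDP|ICMP): ({IP4}) -> ({IP4})")


def parse_trace(text):
    """Return a list of packets; each packet is a list of per-node dicts."""
    packets, hops, hop = [], None, None
    for line in text.splitlines():
        if PACKET_RE.match(line):
            hops, hop = [], None
            packets.append(hops)
            continue
        m = NODE_RE.match(line)
        if m:
            if hops is None:  # trace pasted without a "Packet N" header
                hops = []
                packets.append(hops)
            hop = {"time": m.group(1), "node": m.group(2)}
            hops.append(hop)
            continue
        if hop is None:
            continue
        m = L2_RE.match(line)
        if m and "l2_src" not in hop:
            hop["l2_src"], hop["l2_dst"] = m.groups()
            continue
        m = L3_RE.match(line)
        if m and "ip4_src" not in hop:
            hop["ip4_src"], hop["ip4_dst"] = m.groups()
    return packets


def nodes_matching(packets, field, value):
    """(packet number, node) pairs at which `field` carries `value`."""
    return [(n, hop["node"])
            for n, hops in enumerate(packets, 1)
            for hop in hops if hop.get(field) == value]


def address_rewrites(hops):
    """(field, old, new, node) for every IPv4 address change along one packet."""
    changes, last = [], {}
    for hop in hops:
        for field in ("ip4_src", "ip4_dst"):
            if field not in hop:
                continue
            if field in last and last[field] != hop[field]:
                changes.append((field, last[field], hop[field], hop["node"]))
            last[field] = hop[field]
    return changes


if __name__ == "__main__":
    pkts = parse_trace(SAMPLE_TRACE)
    for field, value in (("ip4_src", "10.8.200.2"),
                         ("l2_src", "08:25:a1:cb:40:55"),
                         ("l2_src", "de:ad:00:00:00:05")):
        print(field, value, "->", nodes_matching(pkts, field, value))
    for n, hops in enumerate(pkts, 1):
        print("packet", n, "rewrites:", address_rewrites(hops))
```

On the sample, src 10.8.200.2 appears only at `ip4-lookup` and `wan0-output` of the client-to-server packet, and 08:25:a1:cb:40:55 never appears as an L2 source.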


[vpp-dev] Help with two interfaces accessing outside network

2019-08-13 Thread carlito nueno
Hi all,

I am trying to set up two WAN interfaces where each of them can access
the outside world at the same time.

So far I have:

set int state wan0 up
set int state wan1 up

set int ip address wan0 172.78.10.155/29
set dhcp client intfc wan1 hostname test-wans

ip route add 0.0.0.0/0 via 172.78.10.158 wan0

vpp# ping 8.8.8.8 source wan0
vpp# ping 8.8.8.8 source wan1

I am unable to ping via wan1

Any advice?

Thanks!

View/Reply Online (#13726): https://lists.fd.io/g/vpp-dev/message/13726


Re: [vpp-dev] Crash when using dns_name_server

2019-08-14 Thread carlito nueno
VPP is not crashing anymore. I didn't change anything.

VPP is caching DNS queries

[P] DNS query: id 18
  no-recur recur-des no-trunc non-auth
  2 queries, 0 answers, 0 name-servers, 0 add'l recs
  Queries:
Name: www.apple.com: type A
Name: www.apple.com: type 

But LAN device is not able to resolve any url
LAN device is at 10.155.6.202

dig @10.155.6.1 www.apple.com

; <<>> DiG 9.10.6 <<>> @10.155.6.1 www.apple.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached


On Wed, Aug 14, 2019 at 4:41 PM carlito nueno via Lists.Fd.Io
 wrote:
>
> Hi all,
>
> I am trying to use DNS server and on "ping google.com" VPP is crashing
>
> Aug 13 21:31:10 test1-vpp vnet[853]: unknown input `add_del 8.8.8.8
> Aug 13 21:31:28 test1-vpp vnet[853]: dns cache: add / del / clear required..
> Aug 13 21:31:36 test1-vpp vnet[853]:
> vl_api_dns_resolve_name_reply_t_handler:2556: ip4 address 23.75.7.244
> Aug 13 21:32:24 test1-vpp vnet[853]: dns cache: add / del / clear required..
> Aug 13 21:34:43 test1-vpp vnet[853]: resolve_event:247: name server
> 8.8.8.8 backfire
>
> When I try to restart it, it just hangs
>
> Aug 13 21:35:16 test1-vpp vnet[853]: unix_signal_handler:170: received
> signal SIGCONT, PC 0x7f9bf5ff7e20
> Aug 13 21:35:16 test1-vpp vnet[853]: received SIGTERM, exiting...
> Aug 13 21:35:16 test1-vpp systemd[1]: Stopping vector packet
> processing engine...
> Aug 13 21:35:16 test1-vpp vnet[853]: unix_signal_handler:170: received
> signal SIGCONT, PC 0x7f9bf5ff7e20
>
> vpp.conf
>
> set int state wan0 up
> set dhcp client intfc wan0 hostname vpp
>
> loopback create
> set int l2 bridge loop5 6 bvi
> set int ip address loop5 10.155.6.1/24
> set int state loop5 up
>
> set int l2 bridge lan0 6
> set int state lan0 up
>
> create tap id 5 host-ip4-addr 10.155.6.2/24 host-if-name lstack host-ip4-gw 10.155.6.1
> set int l2 bridge tap5 6
> set int state tap5 up
>
> nat44 add interface address wan0
> set interface nat44 in loop5 in out wan0
>
> nat44 add identity mapping external wan0 udp 53053
> bin dns_name_server_add_del 8.8.8.8
> bin dns_name_server_add_del 8.8.8.4
> bin dns_enable_disable
>
> DHCP server settings
> OPTION:   6 (  4) DNS server   10.155.6.1
> OPTION:   3 (  4) Routers  10.155.6.1
>
> Thanks!

View/Reply Online (#13740): https://lists.fd.io/g/vpp-dev/message/13740


[vpp-dev] Crash when using dns_name_server

2019-08-14 Thread carlito nueno
Hi all,

I am trying to use DNS server and on "ping google.com" VPP is crashing

Aug 13 21:31:10 test1-vpp vnet[853]: unknown input `add_del 8.8.8.8
Aug 13 21:31:28 test1-vpp vnet[853]: dns cache: add / del / clear required..
Aug 13 21:31:36 test1-vpp vnet[853]:
vl_api_dns_resolve_name_reply_t_handler:2556: ip4 address 23.75.7.244
Aug 13 21:32:24 test1-vpp vnet[853]: dns cache: add / del / clear required..
Aug 13 21:34:43 test1-vpp vnet[853]: resolve_event:247: name server
8.8.8.8 backfire

When I try to restart it, it just hangs

Aug 13 21:35:16 test1-vpp vnet[853]: unix_signal_handler:170: received
signal SIGCONT, PC 0x7f9bf5ff7e20
Aug 13 21:35:16 test1-vpp vnet[853]: received SIGTERM, exiting...
Aug 13 21:35:16 test1-vpp systemd[1]: Stopping vector packet
processing engine...
Aug 13 21:35:16 test1-vpp vnet[853]: unix_signal_handler:170: received
signal SIGCONT, PC 0x7f9bf5ff7e20

vpp.conf

set int state wan0 up
set dhcp client intfc wan0 hostname vpp

loopback create
set int l2 bridge loop5 6 bvi
set int ip address loop5 10.155.6.1/24
set int state loop5 up

set int l2 bridge lan0 6
set int state lan0 up

create tap id 5 host-ip4-addr 10.155.6.2/24 host-if-name lstack host-ip4-gw 10.155.6.1
set int l2 bridge tap5 6
set int state tap5 up

nat44 add interface address wan0
set interface nat44 in loop5 in out wan0

nat44 add identity mapping external wan0 udp 53053
bin dns_name_server_add_del 8.8.8.8
bin dns_name_server_add_del 8.8.8.4
bin dns_enable_disable

DHCP server settings
OPTION:   6 (  4) DNS server   10.155.6.1
OPTION:   3 (  4) Routers  10.155.6.1

Thanks!

View/Reply Online (#13739): https://lists.fd.io/g/vpp-dev/message/13739


Re: [vpp-dev] Help with two interfaces accessing outside network

2019-08-14 Thread carlito nueno
Sorry for not being clear.

Each of the interfaces is connected to a different network (ISP). The
scenario is of dual WAN.
One ISP is providing static address and other is providing DHCP.

wan1 is receiving DHCP.

If I ONLY have:
ip route add 0.0.0.0/0 via 172.78.10.158 wan0
then I am able to ping from wan0

If I ONLY have:
ip route add 0.0.0.0/0 via wan1
then I am able to ping from wan1

Ping works from one interface or the other but not both. So, I am
using this to set up a dual WAN scenario where if one ISP is down, I can
move the outbound connections via wan1 and vice versa.

Thanks!



On Wed, Aug 14, 2019 at 7:28 AM Balaji B via Lists.Fd.Io
 wrote:
>
> I am assuming wan1 is also connected to same network as wan0, is that 
> correct? Curious, what is your use case for wanting to have two interface 
> connected to same network?
>
> Also, check to see if you got an address from DHCP and try to ping the next 
> hop first.

View/Reply Online (#13738): https://lists.fd.io/g/vpp-dev/message/13738


Re: [vpp-dev] Crash when using dns_name_server

2019-08-14 Thread carlito nueno
rss 0x0 fdir.hi 0x0 fdir.lo 0x0
Packet Offload Flags
  PKT_RX_IP_CKSUM_GOOD (0x0080) IP cksum of RX pkt. is valid
  PKT_RX_L4_CKSUM_GOOD (0x0100) L4 cksum of RX pkt. is valid
Packet Types
  RTE_PTYPE_L2_ETHER (0x0001) Ethernet packet
  RTE_PTYPE_L3_IPV4 (0x0010) IPv4 packet without extension headers
  RTE_PTYPE_L4_UDP (0x0200) UDP packet
  IP4: 4a:1d:70:63:fc:d4 -> 06:35:31:eb:33:22
  UDP: 8.8.8.8 -> 72.33.156.100
tos 0x20, ttl 122, length 222, checksum 0x3980
fragment id 0xf975
  UDP: 53 -> 53053
length 202, checksum 0x0da9
00:28:13:590292: ethernet-input
  frame: flags 0x3, hw-if-index 6, sw-if-index 6
  IP4: 4a:1d:70:63:fc:d4 -> 06:35:31:eb:33:22
00:28:13:590293: ip4-input-no-checksum
  UDP: 8.8.8.8 -> 72.33.156.100
tos 0x20, ttl 122, length 222, checksum 0x3980
fragment id 0xf975
  UDP: 53 -> 53053
length 202, checksum 0x0da9
00:28:13:590294: nat44-out2in
  NAT44_OUT2IN: sw_if_index 6, next index 0, session index -1
00:28:13:590294: error-drop
  rx:wan0
00:28:13:590294: drop
  nat44-out2in: no translation

On Wed, Aug 14, 2019 at 5:26 PM carlito nueno via Lists.Fd.Io
 wrote:
>
> VPP is not crashing anymore. I didn't change anything.
>
> VPP is caching DNS queries
>
> [P] DNS query: id 18
>   no-recur recur-des no-trunc non-auth
>   2 queries, 0 answers, 0 name-servers, 0 add'l recs
>   Queries:
> Name: www.apple.com: type A
> Name: www.apple.com: type 
>
> But LAN device is not able to resolve any url
> LAN device is at 10.155.6.202
>
> dig @10.155.6.1 www.apple.com
>
> ; <<>> DiG 9.10.6 <<>> @10.155.6.1 www.apple.com
> ; (1 server found)
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
>
>
> On Wed, Aug 14, 2019 at 4:41 PM carlito nueno via Lists.Fd.Io
>  wrote:
> >
> > Hi all,
> >
> > I am trying to use DNS server and on "ping google.com" VPP is crashing
> >
> > Aug 13 21:31:10 test1-vpp vnet[853]: unknown input `add_del 8.8.8.8
> > Aug 13 21:31:28 test1-vpp vnet[853]: dns cache: add / del / clear required..
> > Aug 13 21:31:36 test1-vpp vnet[853]:
> > vl_api_dns_resolve_name_reply_t_handler:2556: ip4 address 23.75.7.244
> > Aug 13 21:32:24 test1-vpp vnet[853]: dns cache: add / del / clear required..
> > Aug 13 21:34:43 test1-vpp vnet[853]: resolve_event:247: name server
> > 8.8.8.8 backfire
> >
> > When I try to restart it, it just hangs
> >
> > Aug 13 21:35:16 test1-vpp vnet[853]: unix_signal_handler:170: received
> > signal SIGCONT, PC 0x7f9bf5ff7e20
> > Aug 13 21:35:16 test1-vpp vnet[853]: received SIGTERM, exiting...
> > Aug 13 21:35:16 test1-vpp systemd[1]: Stopping vector packet
> > processing engine...
> > Aug 13 21:35:16 test1-vpp vnet[853]: unix_signal_handler:170: received
> > signal SIGCONT, PC 0x7f9bf5ff7e20
> >
> > vpp.conf
> >
> > set int state wan0 up
> > set dhcp client intfc wan0 hostname vpp
> >
> > loopback create
> > set int l2 bridge loop5 6 bvi
> > set int ip address loop5 10.155.6.1/24
> > set int state loop5 up
> >
> > set int l2 bridge lan0 6
> > set int state lan0 up
> >
> > create tap id 5 host-ip4-addr 10.155.6.2/24 host-if-name lstack host-ip4-gw 10.155.6.1
> > set int l2 bridge tap5 6
> > set int state tap5 up
> >
> > nat44 add interface address wan0
> > set interface nat44 in loop5 in out wan0
> >
> > nat44 add identity mapping external wan0 udp 53053
> > bin dns_name_server_add_del 8.8.8.8
> > bin dns_name_server_add_del 8.8.8.4
> > bin dns_enable_disable
> >
> > DHCP server settings
> > OPTION:   6 (  4) DNS server   10.155.6.1
> > OPTION:   3 (  4) Routers  10.155.6.1
> >
> > Thanks!

View/Reply Online (#13741): https://lists.fd.io/g/vpp-dev/message/13741


Re: [vpp-dev] Crash when using dns_name_server

2019-08-15 Thread carlito nueno
Hi Dave,

Yep. When I made the packet trace, I had the dns config bits.

VPP is caching DNS queries

[P] DNS query: id 18
  no-recur recur-des no-trunc non-auth
  2 queries, 0 answers, 0 name-servers, 0 add'l recs
  Queries:
Name: www.apple.com: type A
Name: www.apple.com: type 

But LAN (inside network) device is not able to resolve any url
LAN device is at 10.155.6.202

dig @10.155.6.1 www.apple.com

; <<>> DiG 9.10.6 <<>> @10.155.6.1 www.apple.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

Here is the config I was using:

set int state wan0 up
set int state lan0 up
set int state lan1 up

loopback create
set int l2 bridge loop0 1 bvi
set int ip address loop0 10.155.1.1/24
set int state loop0 up

create sub lan0 1
set int state lan0.1 up
set int l2 bridge lan0.1 1
set int l2 tag-rewrite lan0.1 pop 1
create sub lan1 1
set int state lan1.1 up
set int l2 bridge lan1.1 1
set int l2 tag-rewrite lan1.1 pop 1

create tap id 0 host-ip4-addr 10.155.1.2/24 host-if-name mgmt
set int l2 bridge tap0 1
set int state tap0 up

loopback create
set int l2 bridge loop1 2 bvi
set int ip address loop1 10.155.2.1/24
set int state loop1 up

create sub lan0 2
set int state lan0.2 up
set int l2 bridge lan0.2 2
set int l2 tag-rewrite lan0.2 pop 1
create sub lan1 2
set int state lan1.2 up
set int l2 bridge lan1.2 2
set int l2 tag-rewrite lan1.2 pop 1

create tap id 1 host-ip4-addr 10.155.2.2/24 host-if-name private
set int l2 bridge tap1 2
set int state tap1 up

loopback create
set int l2 bridge loop2 3 bvi
set int ip address loop2 10.155.6.1/24
set int state loop2 up

set int l2 bridge lan0 3
set int l2 bridge lan1 3

create tap id 2 host-ip4-addr 10.155.6.2/24 host-if-name novlan
set int l2 bridge tap2 3
set int state tap2 up

nat44 add interface address wan0
set interface nat44 in loop0 in loop1 in loop2
set interface nat44 out wan0

nat44 add identity mapping external wan0 udp 53053
bin dns_name_server_add_del 8.8.8.8
bin dns_enable_disable


DHCP server settings
OPTION:   6 (  4) DNS server10.155.6.1
OPTION:   3 (  4) Routers  10.155.6.1

Thanks!

On Thu, Aug 15, 2019 at 5:02 AM Dave Barach (dbarach)  wrote:
>
> Four bits of config required:
>
> nat44 add identity mapping external GigabitEthernet3/0/0 udp 53053
> binary-api dns_name_server_add_del 8.8.8.8
> binary-api dns_enable_disable
>
> Inside network DHCP server needs to set option 6 (DNS name server) to the vpp 
> gateway address.
>
> D.
>
> -Original Message-
> From: vpp-dev@lists.fd.io  On Behalf Of carlito nueno
> Sent: Wednesday, August 14, 2019 11:46 PM
> To: Carlito Nueno 
> Cc: vpp-dev@lists.fd.io
> Subject: Re: [vpp-dev] Crash when using dns_name_server
>
> Did a packet trace and I noticed two things:
>
> dns4-request: DNS pkts pending upstream name resolution
> nat44-out2in: no translation
>
>
> Packet 8
>
> 00:28:11:659028: dpdk-input
>   lan1 rx queue 0
>   buffer 0x8aeef: current data 0, length 89, buffer-pool 0, ref-count 1, 
> totlen-nifb 0, trace 0x5
>   ext-hdr-valid
>   l4-cksum-computed l4-cksum-correct
>   PKT MBUF: port 2, nb_segs 1, pkt_len 89
> buf_len 2176, data_len 89, ol_flags 0x180, data_off 128, phys_addr
> 0xe64bbc40
> packet_type 0x211 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0
> rss 0x0 fdir.hi 0x0 fdir.lo 0x0
> Packet Offload Flags
>   PKT_RX_IP_CKSUM_GOOD (0x0080) IP cksum of RX pkt. is valid
>   PKT_RX_L4_CKSUM_GOOD (0x0100) L4 cksum of RX pkt. is valid
> Packet Types
>   RTE_PTYPE_L2_ETHER (0x0001) Ethernet packet
>   RTE_PTYPE_L3_IPV4 (0x0010) IPv4 packet without extension headers
>   RTE_PTYPE_L4_UDP (0x0200) UDP packet
>   IP4: a0:36:9f:3b:a2:b2 -> de:ad:00:00:00:05
>   UDP: 10.155.6.203 -> 10.155.6.1
> tos 0x00, ttl 64, length 75, checksum 0x55ce
> fragment id 0xc2d2, flags DONT_FRAGMENT
>   UDP: 33177 -> 53
> length 55, checksum 0x96d9
> 00:28:11:659031: ethernet-input
>   frame: flags 0x3, hw-if-index 3, sw-if-index 3
>   IP4: a0:36:9f:3b:a2:b2 -> de:ad:00:00:00:05
> 00:28:11:659032: l2-input
>   l2-input: sw_if_index 3 dst de:ad:00:00:00:05 src a0:36:9f:3b:a2:b2
> 00:28:11:659033: l2-learn
>   l2-learn: sw_if_index 3 dst de:ad:00:00:00:05 src a0:36:9f:3b:a2:b2 
> bd_index 6
> 00:28:11:659034: l2-fwd
>   l2-fwd:   sw_if_index 3 dst de:ad:00:00:00:05 src a0:36:9f:3b:a2:b2
> bd_index 6 result [0x70025, 37] static age-not bvi
> 00:28:11:659036: ip4-input
>   UDP: 10.155.6.203 -> 10.155.6.1
> tos 0x00, ttl 64, length 75, checksum 0x55ce
> fragment id 0xc2d2, flags DONT_FRAGMENT
>   UDP: 33177 -> 53
> length 55, checksum 0x96d9
> 00:28:11:659037: nat44-in2out
>   NAT44_IN2OUT_FAST_PATH: sw_if_i

Re: [vpp-dev] Help with two interfaces accessing outside network

2019-08-15 Thread carlito nueno
Hi Balaji,

As far as I know, VPP doesn't have link monitoring to switch routes.
But as you said, I added a cron job to check link status and switch
routes on failure.
I added each interface route to a particular FIB table. This way I am
able to use ping 8.8.8.8 source wan0 or wan1.

Is this the correct way?

Thanks!


On Thu, Aug 15, 2019 at 2:46 PM Balaji B via Lists.Fd.Io
 wrote:
>
> Not sure there is a way to do this without a routing protocol.
>
> Don't think there is link monitoring or path monitoring to switch the default 
> route to backup route.
>
> Maybe you can have a cron job that check the link status and next hop 
> connectivity and switch the route when there is a failure.
>
> Good luck.

View/Reply Online (#13756): https://lists.fd.io/g/vpp-dev/message/13756


[vpp-dev] Build errors

2019-08-15 Thread carlito nueno
Hi all,

I am following this guide to build VPP:
https://wiki.fd.io/view/VPP/Pulling,_Building,_Running,_Hacking_and_Pushing_VPP_Code

I added a patch to stable/1908 branch
using ubuntu 18.04LTS
running as ROOT user

I followed these steps:
apt-get update
apt-get install build-essential
make install-dep
make install-ext-deps
make build

When I do make install-ext-deps, I get these errors:

dpkg-buildpackage: warning: debian/changelog(l1): version '-0' is
invalid: upstream version cannot be empty
LINE: vpp-ext-deps (-0) unstable; urgency=low
dpkg-buildpackage: info: source package vpp-ext-deps
dpkg-buildpackage: info: source version unknown
dpkg-buildpackage: error: version number does not start with digit
Makefile:72: recipe for target 'vpp-ext-deps_-0_amd64.deb' failed
make[2]: *** [vpp-ext-deps_-0_amd64.deb] Error 255
make[2]: Leaving directory '/root/vpp/build/external'
Makefile:79: recipe for target 'install-deb' failed
make[1]: *** [install-deb] Error 2
make[1]: Leaving directory '/root/vpp/build/external'
Makefile:540: recipe for target 'install-ext-deps' failed
make: *** [install-ext-deps] Error 2

when I do make build, I get these errors

-- Configuration:
VPP version :
VPP library version : NOTFOUND
GIT toplevel dir: /root/vpp
Build type  :
C flags : -Wno-address-of-packed-member -march=corei7
-mtune=corei7-avx -O0 -DCLIB_DEBUG -g -DFORTIFY_SOURCE=2
-fstack-protector -fPIC -Wall -Werror -fno-common
Linker flags: -O0 -DCLIB_DEBUG -g -DFORTIFY_SOURCE=2
-fstack-protector -fPIC -Wall -Werror -fno-common
Host processor  : x86_64
Target processor: x86_64
Prefix path :
/opt/vpp/external/x86_64;/root/vpp/build-root/install-vpp_debug-native/external
Install prefix  : /root/vpp/build-root/install-vpp_debug-native/vpp
-- Configuring incomplete, errors occurred!
See also 
"/root/vpp/build-root/build-vpp_debug-native/vpp/CMakeFiles/CMakeOutput.log".
See also 
"/root/vpp/build-root/build-vpp_debug-native/vpp/CMakeFiles/CMakeError.log".
Makefile:644: recipe for target 'vpp-configure' failed
make[1]: *** [vpp-configure] Error 1
make[1]: Leaving directory '/root/vpp/build-root'
Makefile:367: recipe for target 'build' failed
make: *** [build] Error 2

CMakeFiles/CMakeOutput.log: https://termbin.com/fhaz
CMakeFiles/CMakeError.log: https://termbin.com/pkh7d

Thanks

View/Reply Online (#13757): https://lists.fd.io/g/vpp-dev/message/13757


Re: [vpp-dev] Build errors

2019-08-15 Thread carlito nueno
Hi all,

I think I found the problem.

fatal: ambiguous argument 'v1.19-rc0..': unknown revision or path not
in the working tree.

Here are steps I did:
- I forked `stable/1908` branch and added some code to it.
- Now my branch is `test-stable/1908`
- I tagged my branch with `v1.19.08`.
- I pushed the VPP master and my branch to github.
- On my build server, I cloned my repo `github.com/carnu/vpp.git`
- I checked out `v1.19.08`

I am not well versed with git. Please let me know how I can compile
after adding custom code.

Really appreciate it!

On Thu, Aug 15, 2019 at 5:44 PM carlito nueno via Lists.Fd.Io
 wrote:
>
> I am getting the same error with: build-root/vagrant/build.sh
>
> On Thu, Aug 15, 2019 at 5:21 PM carlito nueno via Lists.Fd.Io
>  wrote:
> >
> > Hi all,
> >
> > I am following this guide to build VPP:
> > https://wiki.fd.io/view/VPP/Pulling,_Building,_Running,_Hacking_and_Pushing_VPP_Code
> >
> > I added a patch to stable/1908 branch
> > using ubuntu 18.04LTS
> > running as ROOT user
> >
> > I followed these steps:
> > apt-get update
> > apt-get install build-essential
> > make install-dep
> > make install-ext-deps
> > make build
> >
> > When I do make install-ext-deps, I get these errors:
> >
> > dpkg-buildpackage: warning: debian/changelog(l1): version '-0' is
> > invalid: upstream version cannot be empty
> > LINE: vpp-ext-deps (-0) unstable; urgency=low
> > dpkg-buildpackage: info: source package vpp-ext-deps
> > dpkg-buildpackage: info: source version unknown
> > dpkg-buildpackage: error: version number does not start with digit
> > Makefile:72: recipe for target 'vpp-ext-deps_-0_amd64.deb' failed
> > make[2]: *** [vpp-ext-deps_-0_amd64.deb] Error 255
> > make[2]: Leaving directory '/root/vpp/build/external'
> > Makefile:79: recipe for target 'install-deb' failed
> > make[1]: *** [install-deb] Error 2
> > make[1]: Leaving directory '/root/vpp/build/external'
> > Makefile:540: recipe for target 'install-ext-deps' failed
> > make: *** [install-ext-deps] Error 2
> >
> > when I do make build, I get these errors
> >
> > -- Configuration:
> > VPP version :
> > VPP library version : NOTFOUND
> > GIT toplevel dir: /root/vpp
> > Build type  :
> > C flags : -Wno-address-of-packed-member -march=corei7
> > -mtune=corei7-avx -O0 -DCLIB_DEBUG -g -DFORTIFY_SOURCE=2
> > -fstack-protector -fPIC -Wall -Werror -fno-common
> > Linker flags: -O0 -DCLIB_DEBUG -g -DFORTIFY_SOURCE=2
> > -fstack-protector -fPIC -Wall -Werror -fno-common
> > Host processor  : x86_64
> > Target processor: x86_64
> > Prefix path :
> > /opt/vpp/external/x86_64;/root/vpp/build-root/install-vpp_debug-native/external
> > Install prefix  : /root/vpp/build-root/install-vpp_debug-native/vpp
> > -- Configuring incomplete, errors occurred!
> > See also 
> > "/root/vpp/build-root/build-vpp_debug-native/vpp/CMakeFiles/CMakeOutput.log".
> > See also 
> > "/root/vpp/build-root/build-vpp_debug-native/vpp/CMakeFiles/CMakeError.log".
> > Makefile:644: recipe for target 'vpp-configure' failed
> > make[1]: *** [vpp-configure] Error 1
> > make[1]: Leaving directory '/root/vpp/build-root'
> > Makefile:367: recipe for target 'build' failed
> > make: *** [build] Error 2
> >
> > CMakeFiles/CMakeOutput.log: https://termbin.com/fhaz
> > CMakeFiles/CMakeError.log: https://termbin.com/pkh7d
> >
> > Thanks

View/Reply Online (#13760): https://lists.fd.io/g/vpp-dev/message/13760


Re: [vpp-dev] Build errors

2019-08-15 Thread carlito nueno
I am getting the same error with: build-root/vagrant/build.sh

On Thu, Aug 15, 2019 at 5:21 PM carlito nueno via Lists.Fd.Io
 wrote:
>
> Hi all,
>
> I am following this guide to build VPP:
> https://wiki.fd.io/view/VPP/Pulling,_Building,_Running,_Hacking_and_Pushing_VPP_Code
>
> I added a patch to stable/1908 branch
> using ubuntu 18.04LTS
> running as ROOT user
>
> I followed these steps:
> apt-get update
> apt-get install build-essential
> make install-dep
> make install-ext-deps
> make build
>
> When I do make install-ext-deps, I get these errors:
>
> dpkg-buildpackage: warning: debian/changelog(l1): version '-0' is
> invalid: upstream version cannot be empty
> LINE: vpp-ext-deps (-0) unstable; urgency=low
> dpkg-buildpackage: info: source package vpp-ext-deps
> dpkg-buildpackage: info: source version unknown
> dpkg-buildpackage: error: version number does not start with digit
> Makefile:72: recipe for target 'vpp-ext-deps_-0_amd64.deb' failed
> make[2]: *** [vpp-ext-deps_-0_amd64.deb] Error 255
> make[2]: Leaving directory '/root/vpp/build/external'
> Makefile:79: recipe for target 'install-deb' failed
> make[1]: *** [install-deb] Error 2
> make[1]: Leaving directory '/root/vpp/build/external'
> Makefile:540: recipe for target 'install-ext-deps' failed
> make: *** [install-ext-deps] Error 2
>
> when I do make build, I get these errors
>
> -- Configuration:
> VPP version :
> VPP library version : NOTFOUND
> GIT toplevel dir: /root/vpp
> Build type  :
> C flags : -Wno-address-of-packed-member -march=corei7
> -mtune=corei7-avx -O0 -DCLIB_DEBUG -g -DFORTIFY_SOURCE=2
> -fstack-protector -fPIC -Wall -Werror -fno-common
> Linker flags: -O0 -DCLIB_DEBUG -g -DFORTIFY_SOURCE=2
> -fstack-protector -fPIC -Wall -Werror -fno-common
> Host processor  : x86_64
> Target processor: x86_64
> Prefix path :
> /opt/vpp/external/x86_64;/root/vpp/build-root/install-vpp_debug-native/external
> Install prefix  : /root/vpp/build-root/install-vpp_debug-native/vpp
> -- Configuring incomplete, errors occurred!
> See also 
> "/root/vpp/build-root/build-vpp_debug-native/vpp/CMakeFiles/CMakeOutput.log".
> See also 
> "/root/vpp/build-root/build-vpp_debug-native/vpp/CMakeFiles/CMakeError.log".
> Makefile:644: recipe for target 'vpp-configure' failed
> make[1]: *** [vpp-configure] Error 1
> make[1]: Leaving directory '/root/vpp/build-root'
> Makefile:367: recipe for target 'build' failed
> make: *** [build] Error 2
>
> CMakeFiles/CMakeOutput.log: https://termbin.com/fhaz
> CMakeFiles/CMakeError.log: https://termbin.com/pkh7d
>
> Thanks


Re: [vpp-dev] Crash when using dns_name_server

2019-08-16 Thread carlito nueno
Hi Dave,

Thanks for the patch. I merged your edits and compiled a debug version
using stable/1908 as base.

Every time I make a ping request from a LAN device, VPP is restarting.
Sometimes vppctl just hangs, but when I do get into vppctl, if I run a
command (ex: sh nat44 address), VPP again restarts.

I know this information is not that helpful. Please let me know what
information you need, and I can also run more tests.

Thanks!


On Thu, Aug 15, 2019 at 12:20 PM Dave Barach via Lists.Fd.Io
 wrote:
>
> See https://jira.fd.io/browse/VPP-1746, and 
> https://gerrit.fd.io/r/c/vpp/+/21338 which fixes gross non-operation of the 
> name resolver.
>
>
>
> Process created on demand, with node index in the main_t. Needed to remove 
> the static vlib_node_registration_t and use dm->resolver_process_node_index 
> vs. unused_mumble_registration.node_index.
>
>
>
> Passing 0 when signaling name resolution events couldn’t possibly work.
>
>
>
> D.
>
>
>
> From: vpp-dev@lists.fd.io  On Behalf Of Dave Barach via 
> Lists.Fd.Io
> Sent: Thursday, August 15, 2019 2:54 PM
> To: anoopnairh...@gmail.com; vpp-dev@lists.fd.io
> Cc: vpp-dev@lists.fd.io
> Subject: Re: [vpp-dev] Crash when using dns_name_server
>
>
>
> Folks,
>
>
>
> I’ll look at these issues. It would be helpful if people would contribute 
> patches, or at least write Jira tickets. If we don’t know it’s broken, it 
> won’t get fixed...
>
>
>
> To level-set: the DNS name resolver has been lightly used. Nothing would 
> surprise me at this point.
>
>
>
> D.
>
>
>
> From: vpp-dev@lists.fd.io  On Behalf Of 
> anoopnairh...@gmail.com
> Sent: Thursday, August 15, 2019 1:07 PM
> To: vpp-dev@lists.fd.io
> Subject: Re: [vpp-dev] Crash when using dns_name_server
>
>
>
> Hi Carlito,
> I had faced a similar crash with DNS module while resolving names.
>
> The dns_cache_lock is in locked state after initialization. Because of this 
> the first worker thread which attempts to take this lock will find it in 
> "locked" state and spin forever. So the main thread panics when it tries for 
> barrier sync.  Attached the patch which solved my problem
>
> I could find couple of other issues in the DNS module and the patch has the 
> fix for them as well.
>
> - DNS lock is not released while processing dns request -> causes deadlock
>
> - resolve a name from VAT when there is no server configured  -> crash 
> due to a NULL pointer dereference
>
> - delete_random_entry() is invoked while holding DNS lock -> a potential 
> deadlock
>
> Please check if it helps you.
>
> thanks
> Anoop
>


Re: [vpp-dev] Build errors

2019-08-16 Thread carlito nueno
Hi Dave,

It worked! Really appreciate the help :)

I learned a lot about git, never knew about the bare feature.

On Fri, Aug 16, 2019 at 5:11 AM Dave Barach (dbarach)  wrote:
>
> That setup will cause no end of pain if your git chops aren't up to it. I 
> guess you've already discovered that. If you do things in a more normal way, 
> you won't have to add tags or argue with the build system.
>
> A more straightforward way to work - which I use myself - goes like so:
>
> Create a local bare clone [mirror] of the gerrit.fd.io upstream.
>
> Clone the local mirror into a working tree.
>
> In the working tree, check out the base branch you want to work on - 19.08, 
> master, or one of the other release branches - and create a private branch:
>
> $ git checkout -b mystuff origin/stable/1908 # note that the local bare clone 
> / mirror IS "origin" in this setup
>
> Add code, work, commit locally.
>
> Push your private branch into the local bare clone / mirror:
>
> $ git push origin mystuff
>
> Picking up changes from gerrit.fd.io is simple:
>
> In the local bare clone/mirror, "git fetch" # pulls all new commits on all 
> branches from gerrit.fd.io
>
> In the working tree: "git checkout ; git pull"
>
> To integrate upstream changes into your branch: "git checkout mybranch; git 
> rebase master" or "git checkout mybranch; git merge master". Test, and then 
> "git push origin mybranch".
>
> Make sure to back up the local bare clone / mirror, since that's the single 
> source of "mybranch" truth.
>
> If you want to s/local bare mirror/github/ you can do that, but you'll have 
> to navigate roughly twice the number of tools to get the same result.
>
> FWIW... Dave
>
> -Original Message-
> From: vpp-dev@lists.fd.io  On Behalf Of carlito nueno
> Sent: Friday, August 16, 2019 12:58 AM
> To: Carlito Nueno 
> Cc: vpp-dev@lists.fd.io
> Subject: Re: [vpp-dev] Build errors
>
> Hi all,
>
> I think I found the problem.
>
> fatal: ambiguous argument 'v1.19-rc0..': unknown revision or path not in the 
> working tree.
>
> Here are steps I did:
> - I forked `stable/1908` branch and added some code to it.
> - Now my branch is `test-stable/1908`
> - I tagged my branch with `v1.19.08`.
> - I pushed the VPP master and my branch to github.
> - On my build server, I cloned my repo `github.com/carnu/vpp.git`
> - I checked out `v1.19.08`
>
> I am not well versed with git. Please let me know how I can compile after 
> adding custom code.
>
> Really appreciate it!
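
The bare-mirror workflow described in the message above, as an added, runnable example (not code from the thread). A throwaway local repository stands in for gerrit.fd.io, and the tag name, file names and commit contents are constructed. The mirror is created with `git clone --mirror`, because a plain `--bare` clone configures no fetch refspec and a bare `git fetch` there would not update its branches.

```shell
#!/bin/sh
# Added example: local bare mirror + working tree + private branch.
# Everything lives in a temp dir; "upstream" is a constructed stand-in
# for the real upstream server, so the script runs offline.

run_mirror_workflow() (
    set -eu
    root=$(mktemp -d)
    export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
    export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid
    export GIT_CONFIG_GLOBAL=/dev/null   # ignore the caller's ~/.gitconfig

    # 0. Constructed upstream with a release branch and an annotated tag.
    git init -q "$root/upstream"
    cd "$root/upstream"
    git symbolic-ref HEAD refs/heads/master
    echo base > README
    git add README
    git commit -q -m "base"
    git tag -a v0.1-demo -m "constructed release tag"
    git branch stable/1908

    # 1. Local bare mirror of upstream (fetch refspec is +refs/*:refs/*).
    git clone -q --mirror "$root/upstream" "$root/mirror.git"

    # 2. Working tree cloned from the mirror: the mirror IS "origin" here.
    git clone -q "$root/mirror.git" "$root/work"
    cd "$root/work"
    git checkout -q -b mystuff origin/stable/1908

    # 3. Work, commit locally, publish the private branch to the mirror.
    echo "local patch" > local.c
    git add local.c
    git commit -q -m "local change"
    git push -q origin mystuff

    # 4. Upstream moves on; refresh the mirror. Without --prune the fetch
    #    leaves refs/heads/mystuff alone, since upstream has no such branch.
    cd "$root/upstream"
    git checkout -q stable/1908
    echo "upstream fix" > fix.c
    git add fix.c
    git commit -q -m "upstream fix"
    git -C "$root/mirror.git" fetch -q

    # 5. Integrate in the working tree. A merge keeps the later push a
    #    fast-forward; the rebase variant rewrites already-pushed history
    #    and would need a forced push.
    cd "$root/work"
    git fetch -q origin
    git merge -q --no-edit origin/stable/1908
    git push -q origin mystuff

    # Report: is the mirror the source of truth for mystuff, does it
    # contain the upstream fix, and do tags resolve in the working tree?
    pushed=no
    if [ "$(git rev-parse HEAD)" = \
         "$(git -C "$root/mirror.git" rev-parse refs/heads/mystuff)" ]; then
        pushed=yes
    fi
    has_fix=no
    if git -C "$root/mirror.git" merge-base --is-ancestor stable/1908 mystuff
    then
        has_fix=yes
    fi
    describe=$(git describe)

    cd /
    rm -rf "$root"
    printf 'pushed=%s has_upstream_fix=%s describe=%s\n' \
        "$pushed" "$has_fix" "$describe"
)

run_mirror_workflow
```

Tags arrive in the working tree through the mirror, so `git describe` resolves there without any hand-made tag on the private branch.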

Re: [vpp-dev] Crash when using dns_name_server

2019-08-21 Thread carlito nueno
Hi Dave,

Sorry about the late reply.

I used below configs to eliminate most of the complexity. I did not see
binary-api being truncated.

Steps:
1. I used basic vpp.conf (see below) without the dns_name_server commands
2. gdb run -c /etc/vpp/startup.conf (see below)
3. sudo vppctl
4. Entered dns_name_server commands manually
5. ping google.com
6. vpp crash

Outputs collected: gdb run, gdb backtrace, syslog

*Step 4: DNS cache output*

vpp# nat44 add identity mapping external TenGigabitEthernet8/0/0 udp 53053
vpp# bin dns_name_server_add_del 8.8.8.8
vpp# bin dns_enable_disable
vpp# sh dns cache verbose
DNS cache contains 15 entries
bserver-1.kbfs.keybaseapi.com -> bserver-1.kbfs.keybaseapi.com:
34.235.251.175 [59] 52.54.47.119 [59]   TTL left 593.7
mdserver-0.kbfs.keybaseapi.com -> mdserver-0.kbfs.keybaseapi.com:
34.225.12.137 [45] 34.197.228.196 [45]   TTL left 593.7
vortex.data.microsoft.com -> vortex.data.microsoft.com: 64.4.54.254
[263]   TTL left 593.9
api.keybase.io -> api.keybase.io: 35.153.89.209 [34] 52.4.215.1 [34]
TTL left 594.0
push.apple.com -> push.apple.com:   TTL left 594.4
api.dropboxapi.com -> api.dropboxapi.com: 162.125.7.7 [59]   TTL left
595.0
people-pa.clients6.google.com -> people-pa.clients6.google.com:
172.217.6.42 [240]   TTL left 595.0
bolt.dropbox.com -> bolt.dropbox.com: 162.125.34.129 [59]   TTL left
595.1
www.google.com -> www.google.com: 172.217.0.36 [263]   TTL left 595.1
play.google.com -> play.google.com: 172.217.5.110 [27]   TTL left 595.4
mail.google.com -> mail.google.com: 172.217.6.37 [299]   TTL left 595.5
gateway-carry.icloud.com -> gateway-carry.icloud.com: 17.248.128.151
[59] 17.248.128.168 [59] 17.248.128.169 [59] 17.248.128.171 [59]
17.248.128.178 [59] 17.248.128.232 [59] 17.248.128.172 [59] 17.248.128.142
[59]   TTL left 595.5
push.services.mozilla.com -> push.services.mozilla.com: 35.164.35.9
[56]   TTL left 599.5
0.client-channel.google.com -> 0.client-channel.google.com:
74.125.28.189 [239]   TTL left 599.6
airtable.com -> airtable.com: 3.221.153.172 [35] 34.193.210.213 [35]
52.22.150.146 [35]   TTL left 599.6


*Step 2: gdb run*

(gdb) run -c /etc/vpp/startup.conf
Starting program: /usr/bin/vpp -c /etc/vpp/startup.conf
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
vlib_plugin_early_init:361: plugin path
/usr/lib/x86_64-linux-gnu/vpp_plugins:/usr/lib/vpp_plugins
load_one_plugin:189: Loaded plugin: abf_plugin.so (Access Control List
(ACL) Based Forwarding)
load_one_plugin:189: Loaded plugin: acl_plugin.so (Access Control Lists
(ACL))
load_one_plugin:189: Loaded plugin: avf_plugin.so (Intel Adaptive Virtual
Function (AVF) Device Driver)
load_one_plugin:189: Loaded plugin: cdp_plugin.so (Cisco Discovery Protocol
(CDP))
load_one_plugin:189: Loaded plugin: crypto_ia32_plugin.so (Intel IA32
Software Crypto Engine)
load_one_plugin:189: Loaded plugin: crypto_ipsecmb_plugin.so (Intel IPSEC
Multi-buffer Crypto Engine)
load_one_plugin:189: Loaded plugin: crypto_openssl_plugin.so (OpenSSL
Crypto Engine)
load_one_plugin:189: Loaded plugin: ct6_plugin.so (IPv6 Connection Tracker)
load_one_plugin:189: Loaded plugin: dpdk_plugin.so (Data Plane Development
Kit (DPDK))
load_one_plugin:189: Loaded plugin: flowprobe_plugin.so (Flow per Packet)
load_one_plugin:189: Loaded plugin: gbp_plugin.so (Group Based Policy (GBP))
load_one_plugin:189: Loaded plugin: gtpu_plugin.so (GPRS Tunnelling
Protocol, User Data (GTPv1-U))
load_one_plugin:189: Loaded plugin: hs_apps_plugin.so (Host Stack
Applications)
load_one_plugin:189: Loaded plugin: http_static_plugin.so (HTTP Static
Server)
load_one_plugin:189: Loaded plugin: igmp_plugin.so (Internet Group
Management Protocol (IGMP))
load_one_plugin:189: Loaded plugin: ikev2_plugin.so (Internet Key Exchange
(IKEv2) Protocol)
load_one_plugin:189: Loaded plugin: ila_plugin.so (Identifier Locator
Addressing (ILA) for IPv6)
load_one_plugin:189: Loaded plugin: ioam_plugin.so (Inbound Operations,
Administration, and Maintenance (OAM))
load_one_plugin:117: Plugin disabled (default): ixge_plugin.so
load_one_plugin:189: Loaded plugin: l2e_plugin.so (Layer 2 (L2) Emulation)
load_one_plugin:189: Loaded plugin: l3xc_plugin.so (L3 Cross-Connect (L3XC))
load_one_plugin:189: Loaded plugin: lacp_plugin.so (Link Aggregation
Control Protocol (LACP))
load_one_plugin:189: Loaded plugin: lb_plugin.so (Load Balancer (LB))
load_one_plugin:189: Loaded plugin: mactime_plugin.so (Time-based MAC
Source Address Filter)
load_one_plugin:189: Loaded plugin: map_plugin.so (Mapping of Address and
Port (MAP))
load_one_plugin:189: Loaded plugin: memif_plugin.so (Packet Memory
Interface (memif) -- Experimental)
load_one_plugin:189: Loaded plugin: nat_plugin.so (Network Address
Translation (NAT))
load_one_plugin:189: Loaded plugin: nsh_plugin.so (Network Service Header
(NSH))
load_one_plugin:189: Loaded plugin: nsim_plugin.so (Network Delay 

Re: [vpp-dev] Crash when using dns_name_server

2019-08-22 Thread carlito nueno
Thanks Dave! Let me know if you need me to do more tests or gather more info.

On Thu, Aug 22, 2019 at 4:48 AM Dave Barach (dbarach) 
wrote:

> Ack. The DNS server has had *zero* multi-core testing, aside from what
> you’ve done. I’ll look at it when I can.

Re: [vpp-dev] Crash when using dns_name_server

2019-08-22 Thread carlito nueno
Got it. I'll look at the refactor patch and also try to apply the patch a
user posted on the old thread and test.

Thanks!

On Thu, Aug 22, 2019 at 9:11 AM Dave Barach (dbarach) 
wrote:

> NP, sorry for the issues, code simply not tested multi-core.
>
>
>
> BTW we just merged a refactor patch which converts the dns resolver into a
> plugin. Later this afternoon, I’ll do some multi-core testing. It may take
> a bit of work to repro and fix the problem you’ve reported.
>
>
>
> Dave

[vpp-dev] Help with NAT44 and running out of sessions

2019-08-22 Thread carlito nueno
Hi all,

I am running VPP as a gateway and am using NAT44.

*vpp.conf*

set int state TenGigabitEthernet8/0/0 up
set int state GigabitEthernet2/0/0 up
set int state GigabitEthernet3/0/0 up

set int ip address TenGigabitEthernet8/0/0 72.77.156.155/29
ip route add 0.0.0.0/0 via 72.77.156.158

loopback create
set int l2 bridge loop0 1 bvi
set int ip address loop0 10.155.6.1/24
set int state loop0 up

set int l2 bridge GigabitEthernet2/0/0 1
set int l2 bridge GigabitEthernet3/0/0 1

nat44 add interface address TenGigabitEthernet8/0/0
set interface nat44 in loop0 out TenGigabitEthernet8/0/0


*With Simple NAT*

startup.conf

nat {
  translation hash buckets 1048576
  max translations per user 500
}

When translations for a user hit 500, old connections are being dropped as
new connections are being established. Guess this is working as it's
supposed to.

But it's reaching max limit and I have to restart VPP

NAT44 pool addresses:
72.77.156.158
  tenant VRF independent
  16747 busy udp ports
  64511 busy tcp ports
  798 busy icmp ports

As you can see, the tcp port number is 64k.

*With Endpoint-dependent NAT*

startup.conf

nat {
  translation hash buckets 1048576
  max translations per user 500
  endpoint-dependent
}

I am receiving below message:
nat: max translations per user 10.1.6.47
nat: create NAT session failed

When translations for a user hit 500, no new connections are being
established until some old connections are closed and I refresh my
browser to establish a new connection. Guess this is working as intended also.

How can I set VPP as a gateway to support a large number of devices behind NAT?

Thanks!


Re: [vpp-dev] sh hardware-interfaces extended stats are not showing up

2019-08-28 Thread carlito nueno
Hi David,

I tried "vppctl interface collect detailed-stats enable" but it doesn't
work.

I will git bisect as Damjan mentioned and try to see what changed.

Thanks

On Wed, Aug 28, 2019 at 8:00 AM Damjan Marion via Lists.Fd.Io  wrote:

>
> It is not intentional so somebody needs to debug it… "git bisect" might be
> good choice here.
>
> On 28 Aug 2019, at 13:50, Devis Reagan  wrote:
>
> Can any one help on this ? Extended stats not shown  in vpp 19.08 via
> ‘show hardware-interfaces’ command
>
> Thanks
>
> On Tue, Aug 27, 2019 at 12:49 PM Devis Reagan via Lists.Fd.Io
> <http://lists.fd.io/>  wrote:
>
>> Even I am using vpp 19.08 & don’t see the extended stats which I used to
>> see in other vpp release .
>> There was not change in the configuration but with vpp 19.08 it’s not
>> showing up .
>>
>> When I use dpdk application called testpmd the extended stats just show
>> up fine . It’s only the vpp not showing it .
>>
>> Do we need to configure any thing to get it ?
>>
>> Note : In the release note of 19.08 I saw some changes gone in for
>> extended stats .
>>
>> Thanks
>>
>>
>> On Tue, Aug 27, 2019 at 7:12 AM David Cornejo  wrote:
>>
>>> did you make sure that you have detailed stats collection enabled for
>>> the interface?
>>>
>>> (see vl_api_collect_detailed_interface_stats_t)
>>>
>>> On Mon, Aug 26, 2019 at 2:24 PM carlito nueno 
>>> wrote:
>>> >
>>> > Hi all,
>>> >
>>> > I am using: vpp v19.08-release built by root on 365637461ad3 at Wed
>>> Aug 21 18:20:49 UTC 2019
>>> >
>>> > When I do sh hardware-interfaces or sh hardware-interfaces detail or
>>> verbose, extended stats are not showing.
>>> >
>>> > On 19.08 I only see stats like below:
>>> >
>>> > rss active:none
>>> > tx burst function: eth_igb_xmit_pkts
>>> > rx burst function: eth_igb_recv_scattered_pkts
>>> >
>>> > tx frames ok   26115
>>> > tx bytes ok 34203511
>>> > rx frames ok   12853
>>> > rx bytes ok  1337944
>>> >
>>> > On 19.04 I am able to see:
>>> >
>>> > rss active:none
>>> > tx burst function: eth_igb_xmit_pkts
>>> > rx burst function: eth_igb_recv_scattered_pkts
>>> >
>>> > tx frames ok21535933
>>> > tx bytes ok  21806938127
>>> > rx frames ok13773533
>>> > rx bytes ok   3642009224
>>> > extended stats:
>>> >   rx good packets   13773533
>>> >   tx good packets   21535933
>>> >   rx good bytes   3642009224
>>> >   tx good bytes  21806938127
>>> >   rx size 64 packets 1171276
>>> >   rx size 65 to 127 packets  8462547
>>> >   rx size 128 to 255 packets 1506266
>>> >   rx size 256 to 511 packets  606052
>>> >   rx size 512 to 1023 packets 560122
>>> >   rx size 1024 to max packets1467270
>>> >   rx broadcast packets383890
>>> >   rx multicast packets291769
>>> >   rx total packets  13773533
>>> >   tx total packets  21535933
>>> >   rx total bytes  3642009224
>>> >   tx total bytes 21806938127
>>> >   tx size 64 packets  397270
>>> >   tx size 65 to 127 packets  3649953
>>> >   tx size 128 to 255 packets 1817099
>>> >   tx size 256 to 511 packets  976902
>>> >   tx size 512 to 1023 packets 773963
>>> >   tx size 1023 to max packets   13920746
>>> >   tx multicast packets  

[vpp-dev] WAN Failover

2019-08-09 Thread carlito nueno
Hi all,

I am using VPP (19.04.1) as a gateway and I have two WAN connections.
I want to setup failover with the two WAN interfaces.

Example:
1. Connection on WAN-0 is lost (due to ISP being down)
2. WAN-1 becomes the new primary connection and traffic flows via WAN-1
3. WAN-0 is back up
4. WAN-0 becomes the primary connection and all traffic from WAN-1 now
flows via WAN-0

I setup bond interface and NAT44. It sort of works. When WAN-0 is
unplugged, WAN-1 becomes primary but when WAN-0 is plugged back in,
WAN-1 remains the primary.

But I want the primary to switch when traffic fails to traverse not
when the cable is physically unplugged.

startup.conf
---
vdev eth_bond0,mode=0,slave=:05:00.0,slave=:04:00.0


vpp.conf

set int state BondEthernet0 up
set int ip address BondEthernet0 10.100.1.2/24
set int ip address BondEthernet0 10.200.1.2/24
ip route add 0.0.0.0/0 via 10.100.1.1 BondEthernet0
ip route add 0.0.0.0/0 via 10.200.1.1 BondEthernet0

set int state lan0 up
set int state lan1 up

nat44 add interface address BondEthernet0
set interface nat44 in lan0 in lan1 out BondEthernet0

Let me know if you need more information.

Really appreciate the help!


Re: [vpp-dev] Question regarding NAT44 endpoint-dependent

2019-09-30 Thread carlito nueno
Hi all,

Does anyone have advice regarding this issue?

Thanks!

On Wed, Sep 25, 2019 at 1:46 PM carlito nueno via Lists.Fd.Io  wrote:

> Hi all,
>
> I am having trouble with endpoint-dependent NAT. I am running out of tcp
> connections. Also, sessions are not deleted after the NAT timeout period.
>
> The number of sessions remains almost the same even after no usage for a day
> or so.
>
> Here are the stats, nat config and timeouts:
> https://gist.github.com/ironpillow/5512e23831827eaf12a6295c0be9b3c8
>
> startup.conf
> nat {
>   translation hash buckets 1048576
>   translation hash memory 268435456
>   user hash buckets 250
>   max translations per user 2
>   endpoint-dependent
> }
>
> vpp# sh nat timeouts
> udp timeout: 300sec
> tcp-established timeout: 7440sec
> tcp-transitory timeout: 240sec
> icmp timeout: 60sec
>
> In the above link you can see the nat44 sessions, total tcp and udp
> sessions and hash tables.
>
> Let me know if you need more logs or info.
>
> Any advice?
> Thanks!


Re: [vpp-dev] nat44 bug - created nat sessions aren't automatically cleaned up

2019-10-31 Thread carlito nueno
Hi Filip,

Thank you! I can do some tests if you want.

On Thu, Oct 31, 2019 at 7:14 AM Filip Varga -X (fivarga - PANTHEON TECH SRO
at Cisco)  wrote:

> Hi,
>
>
>
> We have registered this issue in the NAT plugin and I am already working on
> solving the issue. If you need to post any additional content please do so
> on jira issue VPP-1795 (https://jira.fd.io/browse/VPP-1795). You can
> monitor progress through the jira ticket.
>
>
>
> Thank you.
>
>
>
> Best regards,
>
> Filip Varga

View/Reply Online (#14449): https://lists.fd.io/g/vpp-dev/message/14449


Re: [vpp-dev] nat44 bug - created nat sessions aren't automatically cleaned up

2019-10-29 Thread carlito nueno
Hi Brayan,

I am having the same issue as well. Unfortunately, I am not familiar with
NAT code, so am not able to fix the issue.

My previous threads:
https://lists.fd.io/g/vpp-dev/message/14353
https://lists.fd.io/g/vpp-dev/message/14055

Hope we can consolidate all those into one thread.

Thanks!

On Mon, Oct 28, 2019 at 1:41 AM brayan ortega 
wrote:

> Dear VPP Folks,
>
> I checked vpp behavior when nat is enabled. I'm using vpp version of
> v20.01-rc0 on master branch.
>
> I configured a simple nat scenario with nat44.
> My config is shown below:
>
>   vppctl set int state GigabitEthernet13/0/0 up
>   vppctl set int state GigabitEthernet14/0/0 up
>   vppctl set int ip address GigabitEthernet13/0/0 2.2.2.1/24
>   vppctl set int ip address GigabitEthernet14/0/0 3.3.3.1/24
>   vppctl ip route add 16.0.0.0/16 via 3.3.3.3
>   vppctl ip route add 48.0.0.0/16 via 2.2.2.2
>   vppctl nat44 add address 20.20.20.20 - 20.20.20.30
>   vppctl set interface nat44 out GigabitEthernet13/0/0 output-feature
>   vppctl nat44 forwarding enable
>
> I used Trex as traffic generator on my client. The problem seen in
> this scenario is:
>  The nat sessions aren't cleaned up, not only per time-out or expiration time
> but also when the session table is full. So, after a while, the Trex
> throughput reaches zero when nat session table is full.
>
> I use "vppctl sh nat44 sess" and "vppctl sh nat44 hash table" commands in
> order to check nat44 sessions status. Session deletion has never
> happened.
>
> Is there any config to enable the cleanup process in order to delete nat
> sessions? or this is nat44 bug?
>
> I appreciate your feedback in this regard,
>
> Best Regards,
> Brayan

View/Reply Online (#14382): https://lists.fd.io/g/vpp-dev/message/14382


Re: [vpp-dev] do not SNAT if forwarding enabled

2019-11-14 Thread carlito nueno
Hi all,

Anyone get this working? When I enable nat44 forwarding, all NAT
translations stop working.

example - 110.21.22.12 is the IP address of my wan0.

I have:
set interface nat44 in loop0 out wan0

Without forwarding:
vpp# sh nat44 sessions
NAT44 sessions:
 thread 0 vpp_main: 2240 sessions 
  10.1.3.138: 1540 dynamic translations, 0 static translations
  10.1.3.135: 36 dynamic translations, 0 static translations
  10.1.3.125: 524 dynamic translations, 0 static translations
  10.1.1.2: 108 dynamic translations, 0 static translations
  10.1.3.174: 5 dynamic translations, 0 static translations
  10.1.3.169: 15 dynamic translations, 0 static translations
  10.1.3.62: 10 dynamic translations, 0 static translations
  10.1.2.203: 2 dynamic translations, 0 static translations

With forwarding:
vpp# sh nat44 sessions
NAT44 sessions:
 thread 0 vpp_main: 19 sessions 
  110.21.22.12: 19 dynamic translations, 0 static translations

Thanks

On Mon, Apr 15, 2019 at 1:29 AM Shahid Khan 
wrote:

> Hi Ole,
>
> any finding on it ? are u able to reproduce it ?
>
> -Shahid.
>
>
>
> On Thu, Apr 11, 2019 at 1:32 PM Shahid Khan via Lists.Fd.Io
>  wrote:
>
>> There is another physical port bridged to loop1 which is on
>> 192.168.15.0/24 network.
>> .the packets coming inside GRE tunnel are for 192.168.15.0/24
>> network.
>>
>> also just want to understand  why SNAT is blocked when forwarding is
>> enabled ?
>> someone might have a requirement to SNAT first and then do forward.
>>
>> when i comment the code as below, SNAT and GRE both works. but i don't
>> know how it will impact rest of code/functionality.
>>
>> static inline int
>> snat_not_translate (snat_main_t * sm, vlib_node_runtime_t * node,
>>                     u32 sw_if_index0, ip4_header_t * ip0, u32 proto0,
>>                     u32 rx_fib_index0, u32 thread_index)
>> {
>>   udp_header_t *udp0 = ip4_next_header (ip0);
>>   snat_session_key_t key0, sm0;
>>   clib_bihash_kv_8_8_t kv0, value0;
>>
>>   key0.addr = ip0->dst_address;
>>   key0.port = udp0->dst_port;
>>   key0.protocol = proto0;
>>   key0.fib_index = sm->outside_fib_index;
>>   kv0.key = key0.as_u64;
>>
>>   /* NAT packet aimed at external address if */
>>   /* has active sessions */
>>   if (clib_bihash_search_8_8 (&sm->per_thread_data[thread_index].out2in,
>>                               &kv0, &value0))
>>     {
>>       /* or is static mappings */
>>       if (!snat_static_mapping_match (sm, key0, &sm0, 1, 0, 0, 0, 0, 0))
>>         return 0;
>>     }
>>   else
>>     return 0;
>>
>> /*
>>   if (sm->forwarding_enabled)
>>     return 1;
>> */
>>
>>   return snat_not_translate_fast (sm, node, sw_if_index0, ip0, proto0,
>>                                   rx_fib_index0);
>> }
>>
>>
>>
>> -Shahid.
>>
>>
>>
>>
>> On Thu, Apr 11, 2019 at 12:44 PM Ole Troan  wrote:
>>
>>> Shahid,
>>>
>>> Right, so the GRE packets shouldn’t go through the NAT at all.
>>> Are the GRE tunnel itself marked as inside?
>>>
>>> I should have thought this was supported with
>>> https://jira.fd.io/browse/VPP-447
>>> Let me see if I can reproduce.
>>>
>>> Best regards,
>>> Ole
>>>
>>> > On 10 Apr 2019, at 12:55, Shahid Khan 
>>> wrote:
>>> >
>>> > Hi Ole,
>>> >
>>> > we have a bridge(loop0) with a private ip say 192.168.100.2/24.
>>> > a TAP is also connected to this bridge and other end of TAP is on host
>>> side.
>>> >
>>> > we have one physical interface connected to another bridge (loop1)
>>> with outside network ip of say 192.168.10.1/24
>>> > and a GRE tunnel is created having source as 192.168.10.1.
>>> >
>>> > Host has requirement to initiate sessions(tcp/udp) to outside network.
>>> so we have applied NAT as below.
>>> >
>>> > nat44 add interface address loop1
>>> > set interface nat44 in loop0 out loop1
>>> >
>>> > with this host can initiate session with outside network and SNAT
>>> works fine.
>>> >
>>> > But GRE does not work. we looked into traces and found that packets
>>> coming to GRE tunnels are getting dropped with trace showing "unknown
>>> protocol".
>>> >
>>> > if we enable forwarding then GRE packets are getting forwarded to
>>> destination but now host is not able to initiate session to outside network
>>> because SNAT stops
>>> >
>>> > -Shahid.
>>> >
>>> >
>>> >
>>> >
>>> >
>>> >
>>> > On Wed, Apr 10, 2019 at 2:33 PM Ole Troan 
>>> wrote:
>>> > Hi Shahid,
>>> >
>>> > What are you trying to achieve?
>>> > https://wiki.fd.io/view/VPP/NAT#Enable_or_disable_forwarding
>>> >
>>> > You do not typically enable the “forwarding” feature.
>>> >
>>> > Cheers,
>>> > Ole
>>> >
>>> > > On 8 Apr 2019, at 07:52, Shahid Khan 
>>> wrote:
>>> > >
>>> > > can someone look into below query ?
>>> > >
>>> > > -Shahid.
>>> > >
>>> > > On Wed, Apr 3, 2019 at 12:56 PM Shahid Khan via Lists.Fd.Io
>>>  wrote:
>>> > > Hi,
>>> > >
>>> > > can someone help us on below query ?
>>> > >
>>> > > -Shahid.
>>> > >
>>> > > On Mon, Apr 1, 2019 at 11:45 AM Shahid Khan via Lists.Fd.Io
>>>  wrote:
>>> > >
>>> > > I have 

[vpp-dev] Question regarding NAT44 endpoint-dependent

2019-09-25 Thread carlito nueno
Hi all,

I am having trouble with endpoint-dependent NAT. I am running out of tcp
connections. Also, sessions are not deleted after the NAT timeout period.

The number of sessions remains almost the same even after no usage for a day or
so.

Here are the stats, nat config and timeouts:
https://gist.github.com/ironpillow/5512e23831827eaf12a6295c0be9b3c8

startup.conf
nat {
  translation hash buckets 1048576
  translation hash memory 268435456
  user hash buckets 250
  max translations per user 2
  endpoint-dependent
}

vpp# sh nat timeouts
udp timeout: 300sec
tcp-established timeout: 7440sec
tcp-transitory timeout: 240sec
icmp timeout: 60sec

In the above link you can see the nat44 sessions, total tcp and udp
sessions and hash tables.

Let me know if you need more logs or info.

Any advice?
Thanks!

View/Reply Online (#14055): https://lists.fd.io/g/vpp-dev/message/14055


Re: [vpp-dev] sh hardware-interfaces extended stats are not showing up

2020-02-16 Thread carlito nueno
Hi Damjan,

Sorry for the late reply. I tested it on v20.01 and this is now working.

Thanks!

On Fri, Sep 20, 2019 at 2:07 PM Damjan Marion  wrote:

>
> AFAIK it is fixed, please try latest master and report back if it doesn't
> work.
>
> On 20 Sep 2019, at 19:53, Devis Reagan  wrote:
>
> Hi David ,
>
> Is there any fix or work around for this extended stats issue
>
> Thanks
>
> On Thu, Aug 29, 2019 at 6:58 AM Carlito Nueno 
> wrote:
>
>> Hi David,
>>
>> I tried "vppctl interface collect detailed-stats enable" but it doesn't
>> work.
>>
>> I will git bisect as Damjan mentioned and try to see what changed.
>>
>> Thanks
>>
>> On Wed, Aug 28, 2019 at 8:00 AM Damjan Marion via Lists.Fd.Io
>> <http://lists.fd.io/>  wrote:
>>
>>>
>>> It is not intentional so somebody needs to debug it… "git bisect" might
>>> be good choice here.
>>>
>>> On 28 Aug 2019, at 13:50, Devis Reagan  wrote:
>>>
>>> Can any one help on this ? Extended stats not shown  in vpp 19.08 via
>>> ‘show hardware-interfaces’ command
>>>
>>> Thanks
>>>
>>> On Tue, Aug 27, 2019 at 12:49 PM Devis Reagan via Lists.Fd.Io
>>> <http://lists.fd.io/>  wrote:
>>>
>>>> Even I am using vpp 19.08 & don’t see the extended stats which I used
>>>> to see in other vpp release .
>>>> There was not change in the configuration but with vpp 19.08 it’s not
>>>> showing up .
>>>>
>>>> When I use dpdk application called testpmd the extended stats just show
>>>> up fine . It’s only the vpp not showing it .
>>>>
>>>> Do we need to configure any thing to get it ?
>>>>
>>>> Note : In the release note of 19.08 I saw some changes gone in for
>>>> extended stats .
>>>>
>>>> Thanks
>>>>
>>>>
>>>> On Tue, Aug 27, 2019 at 7:12 AM David Cornejo  wrote:
>>>>
>>>>> did you make sure that you have detailed stats collection enabled for
>>>>> the interface?
>>>>>
>>>>> (see vl_api_collect_detailed_interface_stats_t)
>>>>>
>>>>> On Mon, Aug 26, 2019 at 2:24 PM carlito nueno 
>>>>> wrote:
>>>>> >
>>>>> > Hi all,
>>>>> >
>>>>> > I am using: vpp v19.08-release built by root on 365637461ad3 at Wed
>>>>> Aug 21 18:20:49 UTC 2019
>>>>> >
>>>>> > When I do sh hardware-interfaces or sh hardware-interfaces detail or
>>>>> verbose, extended stats are not showing.
>>>>> >
>>>>> > On 19.08 I only see stats like below:
>>>>> >
>>>>> > rss active:none
>>>>> > tx burst function: eth_igb_xmit_pkts
>>>>> > rx burst function: eth_igb_recv_scattered_pkts
>>>>> >
>>>>> > tx frames ok   26115
>>>>> > tx bytes ok 34203511
>>>>> > rx frames ok   12853
>>>>> > rx bytes ok  1337944
>>>>> >
>>>>> > On 19.04 I am able to see:
>>>>> >
>>>>> > rss active:none
>>>>> > tx burst function: eth_igb_xmit_pkts
>>>>> > rx burst function: eth_igb_recv_scattered_pkts
>>>>> >
>>>>> > tx frames ok21535933
>>>>> > tx bytes ok  21806938127
>>>>> > rx frames ok13773533
>>>>> > rx bytes ok   3642009224
>>>>> > extended stats:
>>>>> >   rx good packets   13773533
>>>>> >   tx good packets   21535933
>>>>> >   rx good bytes   3642009224
>>>>> >   tx good bytes  21806938127
>>>>> >   rx size 64 packets 1171276
>>>>> >   rx size 65 to 127 packets  8462547
>>>>> >   rx size 128 to 255 packets 1506266
&

Re: [vpp-dev] DHCPClientDump/DHCPClientDetails not showing correct DomainServer

2020-03-25 Thread carlito nueno
Hi all,

Any ideas I can try? I am not familiar with dhcp plugin.

Thanks.

On Mon, Mar 23, 2020 at 12:55 AM Carlito Nueno 
wrote:

> Hi all,
>
> I am using vpp v20.01 and govpp - v0.3.1
>
> lease.DomainServer is showing [0 0 0 0], empty Address and the conversion
> to IP address is 0.0.0.0.
>
> So it knows that there is one dns server but the value is all zeros.
>
> while vppctl sh dhcp client shows:
> lan1 state DHCP_BOUND installed 1 addr 10.150.150.21/24 gw 10.150.150.1
> server 10.150.150.1 dns 10.150.150.1
>
> dhcpDetails := _dhcp.DHCPClientDetails{}
> last, err := reqCtx.ReceiveReply(dhcpDetails)
> if last {
>     break
> }
> if err != nil {
>     return nil, err
> }
> client := dhcpDetails.Client
> lease := dhcpDetails.Lease
>
> When I try that method in vpp_api_test, I receive:
> *vat# dhcp_client_dump*
> dhcp_client_dump error: Unspecified Error
>
> Any advice? Thanks!
>

View/Reply Online (#15858): https://lists.fd.io/g/vpp-dev/message/15858


[vpp-dev] DHCPClientDump/DHCPClientDetails not showing correct DomainServer

2020-03-23 Thread carlito nueno
Hi all,

I am using vpp v20.01 and govpp - v0.3.1

lease.DomainServer is showing [0 0 0 0], empty Address and the conversion
to IP address is 0.0.0.0.

So it knows that there is one dns server but the value is all zeros.

while vppctl sh dhcp client shows:
lan1 state DHCP_BOUND installed 1 addr 10.150.150.21/24 gw 10.150.150.1
server 10.150.150.1 dns 10.150.150.1

dhcpDetails := _dhcp.DHCPClientDetails{}
last, err := reqCtx.ReceiveReply(dhcpDetails)
if last {
    break
}
if err != nil {
    return nil, err
}
client := dhcpDetails.Client
lease := dhcpDetails.Lease

When I try that method in vpp_api_test, I receive:
*vat# dhcp_client_dump*
dhcp_client_dump error: Unspecified Error

Any advice? Thanks!

View/Reply Online (#15840): https://lists.fd.io/g/vpp-dev/message/15840


[vpp-dev] NAT44 UDP sessions are not clearing

2020-05-31 Thread carlito nueno
Hi all,

I am using vpp v20.05 and running NAT44 in end-point dependent mode.

To test NAT, I created 50k tcp and udp sessions and ran packets for 5 mins.
Then I stopped the test.

As soon as the test is stopped, tcp established sessions is 0, tcp
transitory sessions increase and all of the tcp sessions become 0 after
about 7440 seconds.
But UDP sessions are still "open", as the count is still high even after 24
hours. *As you can see below, udp LRU session timeout is around 161589 and
total udp sessions is around 29k*

Any advice? Let me know if I am missing anything.

NAT44 pool addresses:
130.44.9.8
  tenant VRF independent
  0 busy other ports
  29058 busy udp ports
  0 busy tcp ports
  0 busy icmp ports
NAT44 twice-nat pool addresses:
max translations: 400
max translations per user: 1000
udp LRU min session timeout 5175 (now 161589)
total timed out sessions: 29025
total sessions: 29058
total tcp sessions: 0
total tcp established sessions: 0
total tcp transitory sessions: 0
total tcp transitory (WAIT-CLOSED) sessions: 0
total tcp transitory (CLOSED) sessions: 0
total udp sessions: 29058
total icmp sessions: 0

Thanks!

View/Reply Online (#16588): https://lists.fd.io/g/vpp-dev/message/16588


Re: [vpp-dev] NAT44 UDP sessions are not clearing

2020-06-02 Thread carlito nueno
Hi Klement,

Really appreciate the detailed explanation! That makes sense and I could
see that behavior from my tests.

Last question: does "max translations per user" matter any more because the
concept of user doesn't exist with new NAT?
max translations: 400
max translations per user: 500

From my tests, each ip address can form as many sessions as needed as long
as the overall/total sessions stay under "max translations".

Thanks!

On Mon, Jun 1, 2020 at 12:47 AM Klement Sekera -X (ksekera - PANTHEON TECH
SRO at Cisco)  wrote:

> Hi,
>
> as you can see almost all of NAT sessions are timed out. NAT will
> automatically free and reuse them when needed again.
>
> this line:
> > udp LRU min session timeout 5175 (now 161589)
> hints whether immediate reuse is possible. Minimum session timeout in the
> LRU list for UDP sessions is 5175, while current vpp internal time is
> 161589. This means the first element in LRU list for UDP session is ready
> to be reaped.
>
> To avoid fluctuations in performance due to running periodic cleanup
> processes, NAT instead attempts to free one session anytime there is a
> request to create a new session. This means that at low steady rate,
> maximum number of sessions will peak at some point. E.g. with UDP timeout
> of 30 seconds and 100 sessions/second, after 30 seconds there will be
> around 3000 sessions and new sessions will also start to force cleanups.
> This will then cause the total sessions to remain at around 3000. If you
> stop creating new traffic, all of these eventually time out (without
> spending any CPU on these timeouts). If again after some time you start
> traffic, sessions will be freed and reused as required.
>
> Regards,
> Klement
>
> > On 31 May 2020, at 22:07, carlito nueno  wrote:
> >
> > Hi all,
> >
> > I am using vpp v20.05 and running NAT44 in end-point dependent mode.
> >
> > To test NAT, I created 50k tcp and udp sessions and ran packets for 5
> mins. Then I stopped the test.
> >
> > As soon as the test is stopped, tcp established sessions is 0, tcp
> transitory sessions increase and all of the tcp sessions become 0 after
> about 7440 seconds.
> > But UDP sessions are still "open", as the count is still high even after
> 24 hours. As you can see below, udp LRU session timeout is around 161589
> and total udp sessions is around 29k
> >
> > Any advice? Let me know if I am missing anything.
> >
> > NAT44 pool addresses:
> > 130.44.9.8
> >   tenant VRF independent
> >   0 busy other ports
> >   29058 busy udp ports
> >   0 busy tcp ports
> >   0 busy icmp ports
> > NAT44 twice-nat pool addresses:
> > max translations: 400
> > max translations per user: 1000
> > udp LRU min session timeout 5175 (now 161589)
> > total timed out sessions: 29025
> > total sessions: 29058
> > total tcp sessions: 0
> > total tcp established sessions: 0
> > total tcp transitory sessions: 0
> > total tcp transitory (WAIT-CLOSED) sessions: 0
> > total tcp transitory (CLOSED) sessions: 0
> > total udp sessions: 29058
> > total icmp sessions: 0
> >
> > Thanks!
> > 
>
>

View/Reply Online (#16622): https://lists.fd.io/g/vpp-dev/message/16622
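
Added example, not part of the original thread and not VPP code: a toy C model of the create-time cleanup Klement describes in the quoted reply above, where each request to create a session first frees at most one timed-out session from the head of the LRU list. The names (`nat_lru_t`, `nat_session_create`, `nat_run_traffic`) and the 4000-entry table are assumptions; the 30-second timeout and 100 sessions/second are the figures from his explanation.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Toy model of one per-protocol LRU list (assumed structure, not VPP code).
 * Each session sees a single packet, so creation order equals LRU order and
 * a ring buffer of expiry times is enough. Times are in milliseconds. */
typedef struct {
    uint64_t *expiry;  /* expiry time of each session, oldest at head */
    uint32_t cap;      /* table size, the "max translations" limit */
    uint32_t head;     /* index of the LRU (oldest) session */
    uint32_t count;    /* allocated sessions, timed out or not */
    uint32_t reaped;   /* sessions freed lazily during create */
    uint32_t dropped;  /* creates refused: table full, head not expired */
} nat_lru_t;

static int nat_lru_init(nat_lru_t *t, uint32_t cap)
{
    t->expiry = calloc(cap, sizeof(*t->expiry));
    t->cap = cap;
    t->head = t->count = t->reaped = t->dropped = 0;
    return t->expiry ? 0 : -1;
}

static void nat_lru_free(nat_lru_t *t)
{
    free(t->expiry);
    t->expiry = NULL;
}

/* Create a session at time `now`. Before allocating, try to free exactly one
 * session: the LRU head, and only if it has already timed out. There is no
 * periodic sweep anywhere in this model. */
static int nat_session_create(nat_lru_t *t, uint64_t now, uint64_t timeout)
{
    if (t->count > 0 && t->expiry[t->head] <= now) {
        t->head = (t->head + 1) % t->cap;
        t->count--;
        t->reaped++;
    }
    if (t->count == t->cap) {
        t->dropped++;
        return -1;
    }
    t->expiry[(t->head + t->count) % t->cap] = now + timeout;
    t->count++;
    return 0;
}

/* What a "total timed out sessions" counter would report: entries that are
 * still allocated although their timeout has passed. */
static uint32_t nat_timed_out(const nat_lru_t *t, uint64_t now)
{
    uint32_t n = 0;
    for (uint32_t i = 0; i < t->count; i++)
        if (t->expiry[(t->head + i) % t->cap] <= now)
            n++;
    return n;
}

/* Offer `rate` new sessions per second for `seconds`, starting at `start_ms`.
 * Returns the peak number of allocated sessions seen. */
static uint32_t nat_run_traffic(nat_lru_t *t, uint64_t start_ms, uint32_t rate,
                                uint32_t seconds, uint64_t timeout_ms)
{
    uint32_t peak = t->count;
    uint64_t total = (uint64_t)rate * seconds;
    for (uint64_t i = 0; i < total; i++) {
        nat_session_create(t, start_ms + i * 1000 / rate, timeout_ms);
        if (t->count > peak)
            peak = t->count;
    }
    return peak;
}

int main(void)
{
    nat_lru_t t;
    if (nat_lru_init(&t, 4000) != 0)
        return 1;
    /* Figures from the explanation: 30 s UDP timeout, 100 sessions/second. */
    uint32_t peak = nat_run_traffic(&t, 0, 100, 120, 30000);
    uint64_t day = 24ull * 3600 * 1000;
    /* Traffic has stopped: nothing is freed, everything is merely timed out. */
    printf("peak=%u after-24h allocated=%u timed-out=%u dropped=%u\n",
           peak, t.count, nat_timed_out(&t, day), t.dropped);
    nat_lru_free(&t);
    return 0;
}
```

In this model, a table smaller than rate times timeout (for example 200 sessions/second against the same 30-second timeout and 4000 entries) fills before the head of the list has expired, and new sessions are refused until it does.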


[vpp-dev] Having issues compiling 20.05.1 on Fedora 32

2020-06-23 Thread carlito nueno
Hi,

I am receiving the following error when compiling on fedora 32:

compiling using:
make install-dep
make install-ext-deps
make build
make pkg-rpm

/usr/bin/ld:
/root/vpp/build/external/rpm/tmp/dpdk-20.02/x86_64-native-linuxapp-gcc/lib/librte_pmd_aesni_mb.a(rte_aesni_mb_pmd_ops.o):/root/vpp/build/external/rpm/tmp/dpdk-20.02/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h:22:
multiple definition of `aesni_mb_logtype_driver';
/root/vpp/build/external/rpm/tmp/dpdk-20.02/x86_64-native-linuxapp-gcc/lib/librte_pmd_aesni_mb.a(rte_aesni_mb_pmd.o):/root/vpp/build/external/rpm/tmp/dpdk-20.02/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h:22:
first defined here
/usr/bin/ld:
/root/vpp/build/external/rpm/tmp/dpdk-20.02/x86_64-native-linuxapp-gcc/lib/librte_pmd_aesni_gcm.a(aesni_gcm_pmd_ops.o):/root/vpp/build/external/rpm/tmp/dpdk-20.02/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h:23:
multiple definition of `aesni_gcm_logtype_driver';
/root/vpp/build/external/rpm/tmp/dpdk-20.02/x86_64-native-linuxapp-gcc/lib/librte_pmd_aesni_gcm.a(aesni_gcm_pmd.o):/root/vpp/build/external/rpm/tmp/dpdk-20.02/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h:23:
first defined here
/usr/bin/ld:
/root/vpp/build/external/rpm/tmp/dpdk-20.02/x86_64-native-linuxapp-gcc/lib/librte_pmd_octeontx2_crypto.a(otx2_cryptodev_hw_access.o):/root/vpp/build/external/rpm/tmp/dpdk-20.02/drivers/crypto/octeontx2/otx2_cryptodev_ops.h:19:
multiple definition of `otx2_cpt_ops';
/root/vpp/build/external/rpm/tmp/dpdk-20.02/x86_64-native-linuxapp-gcc/lib/librte_pmd_octeontx2_crypto.a(otx2_cryptodev.o):/root/vpp/build/external/rpm/tmp/dpdk-20.02/drivers/crypto/octeontx2/otx2_cryptodev_ops.h:19:
first defined here
/usr/bin/ld:
/root/vpp/build/external/rpm/tmp/dpdk-20.02/x86_64-native-linuxapp-gcc/lib/librte_pmd_octeontx2_crypto.a(otx2_cryptodev_hw_access.o):/root/vpp/build/external/rpm/tmp/dpdk-20.02/drivers/crypto/octeontx2/otx2_cryptodev.h:41:
multiple definition of `otx2_cryptodev_driver_id';
/root/vpp/build/external/rpm/tmp/dpdk-20.02/x86_64-native-linuxapp-gcc/lib/librte_pmd_octeontx2_crypto.a(otx2_cryptodev.o):/root/vpp/build/external/rpm/tmp/dpdk-20.02/drivers/crypto/octeontx2/otx2_cryptodev.h:41:
first defined here
/usr/bin/ld:
/root/vpp/build/external/rpm/tmp/dpdk-20.02/x86_64-native-linuxapp-gcc/lib/librte_pmd_octeontx2_crypto.a(otx2_cryptodev_mbox.o):/root/vpp/build/external/rpm/tmp/dpdk-20.02/drivers/crypto/octeontx2/otx2_cryptodev.h:41:
multiple definition of `otx2_cryptodev_driver_id';
/root/vpp/build/external/rpm/tmp/dpdk-20.02/x86_64-native-linuxapp-gcc/lib/librte_pmd_octeontx2_crypto.a(otx2_cryptodev.o):/root/vpp/build/external/rpm/tmp/dpdk-20.02/drivers/crypto/octeontx2/otx2_cryptodev.h:41:
first defined here
/usr/bin/ld:
/root/vpp/build/external/rpm/tmp/dpdk-20.02/x86_64-native-linuxapp-gcc/lib/librte_pmd_octeontx2_crypto.a(otx2_cryptodev_ops.o):/root/vpp/build/external/rpm/tmp/dpdk-20.02/drivers/crypto/octeontx2/otx2_cryptodev.h:41:
multiple definition of `otx2_cryptodev_driver_id';
/root/vpp/build/external/rpm/tmp/dpdk-20.02/x86_64-native-linuxapp-gcc/lib/librte_pmd_octeontx2_crypto.a(otx2_cryptodev.o):/root/vpp/build/external/rpm/tmp/dpdk-20.02/drivers/crypto/octeontx2/otx2_cryptodev.h:41:
first defined here
/usr/bin/ld:
/root/vpp/build/external/rpm/tmp/dpdk-20.02/x86_64-native-linuxapp-gcc/lib/librte_pmd_octeontx2_crypto.a(otx2_cryptodev_ops.o):/root/vpp/build/external/rpm/tmp/dpdk-20.02/drivers/crypto/octeontx2/otx2_cryptodev_ops.h:19:
multiple definition of `otx2_cpt_ops';
/root/vpp/build/external/rpm/tmp/dpdk-20.02/x86_64-native-linuxapp-gcc/lib/librte_pmd_octeontx2_crypto.a(otx2_cryptodev.o):/root/vpp/build/external/rpm/tmp/dpdk-20.02/drivers/crypto/octeontx2/otx2_cryptodev_ops.h:19:
first defined here
/usr/bin/ld:
/root/vpp/build/external/rpm/tmp/dpdk-20.02/x86_64-native-linuxapp-gcc/lib/librte_pmd_caam_jr.a(caam_jr.o):(.bss+0x0):
multiple definition of `rta_sec_era';
/root/vpp/build/external/rpm/tmp/dpdk-20.02/x86_64-native-linuxapp-gcc/lib/librte_pmd_dpaa2_sec.a(dpaa2_sec_dpseci.o):(.data+0x0):
first defined here
collect2: error: ld returned 1 exit status
make[9]: *** [/root/vpp/build/external/rpm/tmp/dpdk-20.02/mk/rte.app.mk:446:
dpdk-pdump] Error 1
make[8]: *** [/root/vpp/build/external/rpm/tmp/dpdk-20.02/mk/
rte.subdir.mk:37: pdump] Error 2
make[8]: *** Waiting for unfinished jobs
collect2: error: ld returned 1 exit status
make[9]: *** [/root/vpp/build/external/rpm/tmp/dpdk-20.02/mk/rte.app.mk:446:
dpdk-procinfo] Error 1
make[8]: *** [/root/vpp/build/external/rpm/tmp/dpdk-20.02/mk/
rte.subdir.mk:37: proc-info] Error 2
collect2: error: ld returned 1 exit status
make[9]: *** [/root/vpp/build/external/rpm/tmp/dpdk-20.02/mk/rte.app.mk:446:
cmdline_test] Error 1
make[8]: *** [/root/vpp/build/external/rpm/tmp/dpdk-20.02/mk/
rte.subdir.mk:37: test-cmdline] Error 2
collect2: error: ld returned 1 exit status
make[9]: *** [/root/vpp/build/external/rpm/tmp/dpdk-20.02/mk/rte.app.mk:446:
test] Error 1
make[8]: *** 

Re: [vpp-dev] Having issues compiling 20.05.1 on Fedora 32

2020-06-23 Thread carlito nueno
 of `otx2_cpt_ops';
/root/vpp/build/external/rpm/tmp/dpdk-20.02/x86_64-native-linuxapp-gcc/lib/librte_pmd_octeontx2_crypto.a(otx2_cryptodev.o):/root/vpp/build/external/rpm/tmp/dpdk-20.02/drivers/crypto/octeontx2/otx2_cryptodev_ops.h:19:
first defined here
/usr/bin/ld:
/root/vpp/build/external/rpm/tmp/dpdk-20.02/x86_64-native-linuxapp-gcc/lib/librte_pmd_caam_jr.a(caam_jr.o):(.bss+0x0):
multiple definition of `rta_sec_era';
/root/vpp/build/external/rpm/tmp/dpdk-20.02/x86_64-native-linuxapp-gcc/lib/librte_pmd_dpaa2_sec.a(dpaa2_sec_dpseci.o):(.data+0x0):
first defined here
collect2: error: ld returned 1 exit status
make[9]: *** [/root/vpp/build/external/rpm/tmp/dpdk-20.02/mk/rte.app.mk:446:
test] Error 1
make[8]: *** [/root/vpp/build/external/rpm/tmp/dpdk-20.02/mk/
rte.subdir.mk:37: test] Error 2
make[7]: *** [/root/vpp/build/external/rpm/tmp/dpdk-20.02/mk/
rte.sdkbuild.mk:48: app] Error 2
make[6]: *** [/root/vpp/build/external/rpm/tmp/dpdk-20.02/mk/
rte.sdkroot.mk:99: all] Error 2
make[5]: *** [/root/vpp/build/external/rpm/tmp/dpdk-20.02/mk/
rte.sdkinstall.mk:61: pre_install] Error 2
make[4]: *** [/root/vpp/build/external/rpm/tmp/dpdk-20.02/mk/
rte.sdkroot.mk:77: install] Error 2
make[4]: Leaving directory '/root/vpp/build/external/rpm/tmp/dpdk-20.02'
make[3]: *** [packages/dpdk.mk:294:
/root/vpp/build/external/rpm/tmp/.dpdk-build.ok] Error 2
make[3]: Leaving directory '/root/vpp/build/external'
error: Bad exit status from /var/tmp/rpm-tmp.KUuhOZ (%install)


RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.KUuhOZ (%install)
make[2]: *** [Makefile:111: vpp-ext-deps-20.05-0.x86_64.rpm] Error 1
make[2]: Leaving directory '/root/vpp/build/external'
make[1]: *** [Makefile:123: install-rpm] Error 2
make[1]: Leaving directory '/root/vpp/build/external'
make: *** [Makefile:633: install-ext-deps] Error 2
Please install missing RPMs: \npackage compat-openssl10-devel is not
installedpackage python3-jsonschema is not installed\n
by executing "make install-dep"\n
make: *** [Makefile:284: /root/vpp/build-root/.deps.ok] Error 1
tar: Removing leading `/' from member names
tar: Removing leading `/' from hard link targets
/root/vpp/build-root/vpp-20.05.4-release.tar (1/1)
  100 % 17.3 MiB / 48.3 MiB = 0.358   3.4 MiB/s   0:14
make -C extras/rpm
make[1]: Entering directory '/root/vpp/extras/rpm'
/root/vpp/build-root/vpp-20.05.4-release.tar.xz
mkdir -p /root/vpp/build-root/rpmbuild/{RPMS,SRPMS,BUILD,SOURCES,SPECS}
cp /root/vpp/build-root/vpp-20.05.4-release.tar.xz
/root/vpp/build-root/rpmbuild/SOURCES/vpp-20.05.4-release.tar.xz
cp 'vpp.spec' /root/vpp/build-root/rpmbuild/SPECS
rpmbuild -bb \
  --define "_topdir /root/vpp/build-root/rpmbuild" \
  --define "_version 20.05.4" \
  --define "_release release" \
  /root/vpp/build-root/rpmbuild/SPECS/'vpp.spec'
error: parse error in expression:  0%{rhel} < 8
error:  ^
error: /root/vpp/build-root/rpmbuild/SPECS/vpp.spec:162: bad %if condition:
 0%{rhel} < 8
make[1]: *** [Makefile:57: RPM] Error 1
make[1]: Leaving directory '/root/vpp/extras/rpm'
make: *** [Makefile:620: pkg-rpm] Error 2

On Tue, Jun 23, 2020 at 1:48 AM carlito nueno via lists.fd.io  wrote:

> Hi,
>
> I am receiving the following error when compiling on fedora 32:
>
> compiling using:
> make install-dep
> make install-ext-deps
> make build
> make pkg-rpm
>
> /usr/bin/ld:
> /root/vpp/build/external/rpm/tmp/dpdk-20.02/x86_64-native-linuxapp-gcc/lib/librte_pmd_aesni_mb.a(rte_aesni_mb_pmd_ops.o):/root/vpp/build/external/rpm/tmp/dpdk-20.02/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h:22:
> multiple definition of `aesni_mb_logtype_driver';
> /root/vpp/build/external/rpm/tmp/dpdk-20.02/x86_64-native-linuxapp-gcc/lib/librte_pmd_aesni_mb.a(rte_aesni_mb_pmd.o):/root/vpp/build/external/rpm/tmp/dpdk-20.02/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h:22:
> first defined here
> /usr/bin/ld:
> /root/vpp/build/external/rpm/tmp/dpdk-20.02/x86_64-native-linuxapp-gcc/lib/librte_pmd_aesni_gcm.a(aesni_gcm_pmd_ops.o):/root/vpp/build/external/rpm/tmp/dpdk-20.02/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h:23:
> multiple definition of `aesni_gcm_logtype_driver';
> /root/vpp/build/external/rpm/tmp/dpdk-20.02/x86_64-native-linuxapp-gcc/lib/librte_pmd_aesni_gcm.a(aesni_gcm_pmd.o):/root/vpp/build/external/rpm/tmp/dpdk-20.02/drivers/crypto/aesni_gcm/aesni_gcm_pmd_private.h:23:
> first defined here
> /usr/bin/ld:
> /root/vpp/build/external/rpm/tmp/dpdk-20.02/x86_64-native-linuxapp-gcc/lib/librte_pmd_octeontx2_crypto.a(otx2_cryptodev_hw_access.o):/root/vpp/build/external/rpm/tmp/dpdk-20.02/drivers/crypto/octeontx2/otx2_cryptodev_ops.h:19:
> multiple definition of `otx2_cpt_ops';
> /root/vpp/build/external/rpm/tmp/dpdk-20.02/x86_64-native-linuxapp-gcc/lib/librte_pmd_octeontx2_crypto.a(otx2_cryptodev.o):/root/vpp/build/external/rpm/tmp/dpdk-20.02/drivers/crypto/octeontx2/otx2_crypto

Re: [vpp-dev] NAT44 UDP sessions are not clearing

2020-06-02 Thread carlito nueno
Hi Klement,

Got it.

Sorry one more question :)

I did another test and I noticed that tcp transitory sessions increase
rapidly when I create new sessions from new internal ip address really fast
(without delay). for example:
tcp sessions are never stopped, so tcp transitory sessions should be 0 at
all times.

from ip address 192.168.1.2

NAT44 pool addresses:
130.44.9.8
  tenant VRF independent
  0 busy other ports
  36 busy udp ports
  7694 busy tcp ports
  0 busy icmp ports
NAT44 twice-nat pool addresses:
max translations: 400
max translations per user: 500
established tcp LRU min session timeout 7842 (now 402)
udp LRU min session timeout 670 (now 402)
total timed out sessions: 0
total sessions: 1203
total tcp sessions: 1200
total tcp established sessions: 1200
total tcp transitory sessions: 0
total tcp transitory (WAIT-CLOSED) sessions: 0
total tcp transitory (CLOSED) sessions: 0
total udp sessions: 3
total icmp sessions: 0

*added 600 sessions* from ip address 192.168.1.3

NAT44 pool addresses:
130.44.9.8
  tenant VRF independent
  0 busy other ports
  36 busy udp ports
  9395 busy tcp ports
  0 busy icmp ports
NAT44 twice-nat pool addresses:
max translations: 400
max translations per user: 500
established tcp LRU min session timeout 7845 (now 405)
transitory tcp LRU min session timeout 644 (now 405)
udp LRU min session timeout 670 (now 405)
total timed out sessions: 0
total sessions: 2904
total tcp sessions: 2901
total tcp established sessions: 1800
total tcp transitory sessions: *1101*
total tcp transitory (WAIT-CLOSED) sessions: 0
total tcp transitory (CLOSED) sessions: 0
total udp sessions: 3
total icmp sessions: 0

Thanks!

On Tue, Jun 2, 2020 at 11:47 AM Klement Sekera -X (ksekera - PANTHEON TECH
SRO at Cisco)  wrote:

> Hi Carlito,
>
> For ED NAT it doesn’t, as ED NAT no longer has any “user” concept. The
> code for different flavours of NAT needs to be split and polished anyway.
> Idea is to have data/code/APIs separate where appropriate.
>
> Thanks,
> Klement
>
> > On 2 Jun 2020, at 20:31, Carlito Nueno  wrote:
> >
> > Hi Klement,
> >
> > Really appreciate the detailed explanation! That makes sense and I could
> see that behavior from my tests.
> >
> > Last question: does "max translations per user" matter any more because
> the concept of user doesn't exist with new NAT?
> > max translations: 400
> > max translations per user: 500
> >
> > From my tests, each ip address can form as many sessions as needed as
> long as the overall/total sessions stay under "max translations".
> >
> > Thanks!
> >
> > On Mon, Jun 1, 2020 at 12:47 AM Klement Sekera -X (ksekera - PANTHEON
> TECH SRO at Cisco)  wrote:
> > Hi,
> >
> > as you can see almost all of NAT sessions are timed out. NAT will
> automatically free and reuse them when needed again.
> >
> > this line:
> > > udp LRU min session timeout 5175 (now 161589)
> > hints whether immediate reuse is possible. Minimum session timeout in
> the LRU list for UDP sessions is 5175, while current vpp internal time is
> 161589. This means the first element in LRU list for UDP session is ready
> to be reaped.
> >
> > To avoid fluctuations in performance due to running periodic cleanup
> processes, NAT instead attempts to free one session anytime there is a
> request to create a new session. This means that at low steady rate,
> maximum number of sessions will peak at some point. E.g. with UDP timeout
> of 30 seconds and 100 sessions/second, after 30 seconds there will be
> around 3000 sessions and new sessions will also start to force cleanups.
> This will then cause the total sessions to remain at around 3000. If you
> stop creating new traffic, all of these eventually time out (without
> spending any CPU on these timeouts). If again after some time you start
> traffic, sessions will be freed and reused as required.
> >
> > Regards,
> > Klement
> >
> > > On 31 May 2020, at 22:07, carlito nueno 
> wrote:
> > >
> > > Hi all,
> > >
> > > I am using vpp v20.05 and running NAT44 in end-point dependent mode.
> > >
> > > To test NAT, I created 50k tcp and udp sessions and ran packets for 5
> mins. Then I stopped the test.
> > >
> > > As soon as the test is stopped, tcp established sessions is 0, tcp
> transitory sessions increase and all of the tcp sessions become 0 after
> about 7440 seconds.
> > > But UDP sessions are still "open", as the count is still high even
> after 24 hours. As you can see below, udp LRU session timeout is around
> 161589 and total udp sessions is around 29k
> > >
> > > Any advice? Let me know if I am missing anything.
> >
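
The reclaim-on-create behaviour described in the quoted reply (30 second UDP timeout, 100 sessions/second) can be reproduced with a small model. This is an added example, not VPP code and not from the thread: the class and function names are hypothetical, it models a single LRU list, and it assumes every session sees only its first packet, so LRU order equals creation order.

```python
from collections import deque


class LazyNatTable:
    """Toy model: sessions are reclaimed only when a new one is created."""

    def __init__(self, timeout_ms):
        self.timeout_ms = timeout_ms
        self.lru = deque()  # expiry time of each session, oldest first

    def create(self, now_ms):
        # One reclaim attempt per create, looking only at the LRU head.
        if self.lru and self.lru[0] <= now_ms:
            self.lru.popleft()
        self.lru.append(now_ms + self.timeout_ms)

    def total(self):
        return len(self.lru)

    def timed_out(self, now_ms):
        return sum(1 for expiry in self.lru if expiry <= now_ms)


def offer(table, start_ms, seconds, rate_per_s):
    """Create rate_per_s sessions per second; return the end time in ms."""
    step = 1000 // rate_per_s
    for i in range(seconds * rate_per_s):
        table.create(start_ms + i * step)
    return start_ms + seconds * 1000


def demo():
    table = LazyNatTable(timeout_ms=30_000)   # 30 s UDP timeout
    now = offer(table, 0, 30, 100)            # 100 sessions/s for 30 s
    ramp = table.total()
    now = offer(table, now, 60, 100)          # same rate for 60 s more
    steady = table.total()
    now += 24 * 3600 * 1000                   # traffic stops for 24 h
    idle = (table.total(), table.timed_out(now))
    now = offer(table, now, 10, 100)          # traffic resumes for 10 s
    resumed = (table.total(), table.timed_out(now))
    return {"ramp": ramp, "steady": steady, "idle": idle, "resumed": resumed}


if __name__ == "__main__":
    print(demo())
```

In this model the table still holds 3000 entries after the idle day, all of them timed out, which is the same picture as a high "total udp sessions" count long after a test has stopped.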

Re: [vpp-dev] NAT44 UDP sessions are not clearing

2020-06-02 Thread carlito nueno
Testing with 30 ip addresses (users) opening around 300 sessions each.

When using vpp-20.01 + fixes by you and Filip (before the port overloading
patches), total sessions and total transitory sessions were much smaller
(around 15062).

On vpp-20.05 with port overloading:

NAT44 pool addresses:
130.44.9.8
  tenant VRF independent
  0 busy other ports
  32 busy udp ports
  *63071* busy tcp ports
  1 busy icmp ports
NAT44 twice-nat pool addresses:
max translations: 400
max translations per user: 500
established tcp LRU min session timeout 7792 (now 352)
transitory tcp LRU min session timeout 294 (now 352)
udp LRU min session timeout 312 (now 352)
total timed out sessions: 119312
total sessions: *128639*
total tcp sessions: 128607
total tcp established sessions: 9300
total tcp transitory sessions: *119307*
total tcp transitory (WAIT-CLOSED) sessions: 0
total tcp transitory (CLOSED) sessions: 0
total udp sessions: 32
total icmp sessions: 0

On Tue, Jun 2, 2020 at 8:42 PM carlito nueno via lists.fd.io  wrote:

> Hi Klement,
>
> Got it.
>
> Sorry one more question :)
>
> I did another test and I noticed that tcp transitory sessions increase
> rapidly when I create new sessions from new internal ip address really fast
> (without delay). for example:
> tcp sessions are never stopped, so tcp transitory sessions should be 0 at
> all times.
>
> from ip address 192.168.1.2
>
> NAT44 pool addresses:
> 130.44.9.8
>   tenant VRF independent
>   0 busy other ports
>   36 busy udp ports
>   7694 busy tcp ports
>   0 busy icmp ports
> NAT44 twice-nat pool addresses:
> max translations: 400
> max translations per user: 500
> established tcp LRU min session timeout 7842 (now 402)
> udp LRU min session timeout 670 (now 402)
> total timed out sessions: 0
> total sessions: 1203
> total tcp sessions: 1200
> total tcp established sessions: 1200
> total tcp transitory sessions: 0
> total tcp transitory (WAIT-CLOSED) sessions: 0
> total tcp transitory (CLOSED) sessions: 0
> total udp sessions: 3
> total icmp sessions: 0
>
> *added 600 sessions *from ip address 192.168.1.3
>
> NAT44 pool addresses:
> 130.44.9.8
>   tenant VRF independent
>   0 busy other ports
>   36 busy udp ports
>   9395 busy tcp ports
>   0 busy icmp ports
> NAT44 twice-nat pool addresses:
> max translations: 400
> max translations per user: 500
> established tcp LRU min session timeout 7845 (now 405)
> transitory tcp LRU min session timeout 644 (now 405)
> udp LRU min session timeout 670 (now 405)
> total timed out sessions: 0
> total sessions: 2904
> total tcp sessions: 2901
> total tcp established sessions: 1800
> total tcp transitory sessions: *1101*
> total tcp transitory (WAIT-CLOSED) sessions: 0
> total tcp transitory (CLOSED) sessions: 0
> total udp sessions: 3
> total icmp sessions: 0
>
> Thanks!
>
> On Tue, Jun 2, 2020 at 11:47 AM Klement Sekera -X (ksekera - PANTHEON TECH
> SRO at Cisco)  wrote:
>
>> Hi Carlito,
>>
>> For ED NAT it doesn’t, as ED NAT no longer has any “user” concept. The
>> code for different flavours of NAT needs to be split and polished anyway.
>> Idea is to have data/code/APIs separate where appropriate.
>>
>> Thanks,
>> Klement
>>
>> > On 2 Jun 2020, at 20:31, Carlito Nueno  wrote:
>> >
>> > Hi Klement,
>> >
>> > Really appreciate the detailed explanation! That makes sense and I
>> could see that behavior from my tests.
>> >
>> > Last question: does "max translations per user" matter any more because
>> the concept of user doesn't exist with new NAT?
>> > max translations: 400
>> > max translations per user: 500
>> >
>> > From my tests, each ip address can form as many sessions as needed as
>> long as the overall/total sessions stay under "max translations".
>> >
>> > Thanks!
>> >
>> > On Mon, Jun 1, 2020 at 12:47 AM Klement Sekera -X (ksekera - PANTHEON
>> TECH SRO at Cisco)  wrote:
>> > Hi,
>> >
>> > as you can see almost all of NAT sessions are timed out. NAT will
>> automatically free and reuse them when needed again.
>> >
>> > this line:
>> > > udp LRU min session timeout 5175 (now 161589)
>> > hints whether immediate reuse is possible. Minimum session timeout in
>> the LRU list for UDP sessions is 5175, while current vpp internal time is
>> 161589. This means the first element in LRU list for UDP session is ready
>> to be reaped.
>> >
>> > To avoid fluctuations in performance due to running periodic cleanup
>> processes, NAT instead attempts to free one session anyti
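
The LRU lines in the summary output above can be read mechanically, using the rule from Klement's quoted reply that a minimum session timeout lower than the current VPP time means the head of that list is ready to be reaped. This is an added example, not part of the thread or of VPP: the function names are hypothetical, the sample lines are copied from the vpp-20.05 output in this message, and treating "equal to now" as reapable is an assumption.

```python
import re

# Lines copied from the vpp-20.05 summary output quoted in this message.
SAMPLE = """\
established tcp LRU min session timeout 7792 (now 352)
transitory tcp LRU min session timeout 294 (now 352)
udp LRU min session timeout 312 (now 352)
total timed out sessions: 119312
total sessions: *128639*
total tcp sessions: 128607
total tcp established sessions: 9300
total tcp transitory sessions: *119307*
total udp sessions: 32
"""

LRU_RE = re.compile(r"^(.+?) LRU min session timeout (\d+) \(now (\d+)\)$")
TOTAL_RE = re.compile(r"^total (.+?): (\d+)$")


def parse_summary(text):
    """Return (lru, totals) dictionaries parsed from the summary text."""
    lru, totals = {}, {}
    for raw in text.splitlines():
        line = raw.strip().replace("*", "")  # drop mail emphasis marks
        m = LRU_RE.match(line)
        if m:
            lru[m.group(1)] = (int(m.group(2)), int(m.group(3)))
            continue
        m = TOTAL_RE.match(line)
        if m:
            totals[m.group(1)] = int(m.group(2))
    return lru, totals


def reusable_lists(lru):
    """LRU lists whose head has timed out (assumption: min timeout <= now)."""
    return sorted(k for k, (min_to, now) in lru.items() if min_to <= now)


def timed_out_share(totals):
    """Fraction of sessions in the table that have already timed out."""
    total = totals.get("sessions", 0)
    return totals.get("timed out sessions", 0) / total if total else 0.0


if __name__ == "__main__":
    lru, totals = parse_summary(SAMPLE)
    print(reusable_lists(lru), round(timed_out_share(totals), 3))
```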

Re: [vpp-dev] VPP and IS-IS

2021-06-18 Thread carlito nueno
Sorry to interject with my questions.

1. Is linux-cp an alternative to tapv2 interfaces?
2. If the ping plug-in is disabled, what’s the alternative to test ping?

Thanks and sorry again for the abrupt and novice questions.

On Thu, Jun 17, 2021 at 5:59 PM Mike Beattie  wrote:

> On Wed, Jun 16, 2021 at 09:14:13AM -0700, tim.boh...@gmx.ch wrote:
> > Hi, I have found VPP as I was looking for an SRv6 testbed with a
> > distributed control plane via IS-IS. Now the initial intent and how I
> came
> > to VPP was a combination of FRR and VPP, which is discontinued as it
> > seems. After some unfruitful research my question is if there is any
> > existing possibility I may have overlooked to combine VPP with IS-IS?
> > Sorry if this was answered before, my search only brought up old answers
> > and I am unsure if this has changed.
>
> Tim,
>
> The current way to do this will be with the linux-cp and linux-nl plugins.
>
> linux-cp has been merged to master, but linux-nl is still in development.
> The Changeset for that is here: https://gerrit.fd.io/r/c/vpp/+/31122
>
> Your rough order of actions is:
> * clone master:
>   - git clone https://gerrit.fd.io/r/vpp
> * fetch the linux-nl changeset to your local repository:
>   - git fetch origin refs/changes/22/31122/8
>   - git checkout -b linux-nl b4ed743
> * rebase or cherry-pick that changeset onto master:
>   - git checkout linux-nl
>   - git rebase master
>   - [fix conflicts - there's a couple now]
> * build.
>
> * Configure in /etc/vpp/startup.conf :
>   - disable ping and enable cp/nl:
> o Add to plugins {} :
> plugin ping_plugin.so { disable }
> plugin linux_cp_plugin.so { enable }
> plugin linux_nl_plugin.so { enable }
>
>   - Enable linux-cp:
> o Add this section:
>   linux-cp {
>   default netns dataplane
>   interface-auto-create  # Optional
>   }
>
> * With latest FRR, start watchfrr with --netns. On Debian, in
>   /etc/frr/daemons:
> watchfrr_options="--netns=dataplane"
>
> I've been slowly building a new router infrastructure with this using OSPF
> and BGP, so far so good.
>
> Mike.
> --
> Mike Beattie 
>
> 
>
>
